From 4d576fa2afc6af2f56527d82ee1a48875b4fe8b9 Mon Sep 17 00:00:00 2001
From: keycloak-bot <keycloak.bot@gmail.com>
Date: Tue, 5 Mar 2024 08:55:02 +0000
Subject: [PATCH] =?UTF-8?q?Deploying=20to=20main=20from=20=20@=2041b4df060?=
 =?UTF-8?q?b0365ca8e16bf5174cb5bf2c9f49534=20=F0=9F=9A=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 2024/03/keycloak-2401-released.html         |   113 +
 archive/documentation-24.0.html             |    16 +-
 archive/downloads-24.0.1.html               |   278 +
 blog-archive.html                           |     5 +
 blog.html                                   |    24 +-
 documentation.html                          |     6 +-
 downloads-archive.html                      |     1 +
 downloads.html                              |    38 +-
 getting-started/getting-started-docker.html |     2 +-
 getting-started/getting-started-podman.html |     2 +-
 getting-started/getting-started-zip.html    |     6 +-
 index.html                                  |     8 +-
 operator/installation.html                  |     6 +-
 operator/realm-import.html                  |     2 +-
 rss.xml                                     | 24167 +-----------------
 15 files changed, 1627 insertions(+), 23047 deletions(-)
 create mode 100644 2024/03/keycloak-2401-released.html
 create mode 100644 archive/downloads-24.0.1.html

diff --git a/2024/03/keycloak-2401-released.html b/2024/03/keycloak-2401-released.html
new file mode 100644
index 000000000000..fc4f6456414c
--- /dev/null
+++ b/2024/03/keycloak-2401-released.html
@@ -0,0 +1,113 @@
+
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <title>Keycloak 24.0.1 released - Keycloak</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Keycloak is an open source identity and access management solution">
+    <meta name="author" content="Keycloak Team">
+    <meta name="keywords" content="sso,idm,openid connect,saml,kerberos,ldap">
+
+    
+
+    
+
+    <link href="https://www.keycloak.org/resources/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://www.keycloak.org/resources/@fortawesome/fontawesome-free/css/all.min.css" rel="stylesheet">
+    <link href="https://www.keycloak.org/resources/css/keycloak.css" rel="stylesheet">
+
+    <link rel="shortcut icon" href="https://www.keycloak.org/resources/favicon.ico">
+
+    <script src="https://www.keycloak.org/resources/js/ga.js" type="text/javascript"></script>
+    <script src="https://www.keycloak.org/resources/bootstrap/dist/js/bootstrap.min.js" type="text/javascript"></script>
+    <script src="https://www.keycloak.org/resources/tocbot/dist/tocbot.min.js" type="text/javascript"></script>
+</head>
+<body>
+
+<header class="navbar navbar-expand-md bg-light shadow-sm">
+<nav class="container-xxl flex-wrap flex-md-no-wrap navbar-light">
+    <a class="navbar-brand me-5" href="https://www.keycloak.org/">
+        <img class="img-fluid" src="https://www.keycloak.org/resources/images/logo.svg" width="240" alt="Keycloak"/>
+    </a>
+    <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
+      <span class="fa fa-bars fa-lg px-1 py-2"></span>
+    </button>
+    <div class="collapse navbar-collapse" id="navbarCollapse">
+      <ul class="navbar-nav flex-row flex-wrap bd-navbar-nav pt-2 py-md-0">
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/guides">Guides</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/documentation">Docs</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/downloads">Downloads</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/community">Community</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/blog">Blog</a>
+        </li>
+      </ul>
+    </div>
+</nav>
+</header>
+
+
+<div class="container mt-5 kc-article">
+    <h1>Keycloak 24.0.1 released</h1>
+    <p class="blog-date text-muted">March 05 2024</p>
+
+
+<p>To download the release go to <a href="https://www.keycloak.org/downloads.html">Keycloak downloads</a>.</p>
+
+    <h2>Highlights</h2>
+<div class="sect2">
+<h3 id="_operator_deploys_nightly_build_instead_of_24_0_0">Operator deploys nightly build instead of 24.0.0</h3>
+<div class="paragraph">
+<p>Due to an issue in the release process when deploying Keycloak using the Operator it installed the <code>nightly</code> container
+instead of <code>24.0.0</code>.</p>
+</div>
+<div class="paragraph">
+<p>As a quick fix to the issue, the <code>24.0.0</code> container was tagged with <code>nightly</code>, and the <code>nightly</code> releases was temporarily
+disabled.</p>
+</div>
+<div class="paragraph">
+<p>If you installed or upgraded to <code>24.0.0</code> using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code>SELECT * from migration_model WHERE version = '999.0.0';</code></pre>
+</div>
+</div>
+<div class="paragraph">
+<p>If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:</p>
+</div>
+<div class="listingblock">
+<div class="content">
+<pre class="highlight"><code>UPDATE migration_model SET version = '24.0.0' WHERE version = '999.0.0';</code></pre>
+</div>
+</div>
+</div>
+<h2>Upgrading</h2>
+<p>Before upgrading refer to <a href="https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes">the migration guide</a> for a complete list of changes.</p>
+
+</div>
+
+
+<div class="container mt-5">
+    <footer class="py-3 my-4 border-top">
+        <p class="text-center text-muted">Keycloak is a Cloud Native Computing Foundation incubation project</p>
+        <div class="text-center">
+            <img alt="Cloud Native Computing Foundation" src="https://www.keycloak.org/resources/images/cncf_logo.png"/>
+        </div>
+        <p class="mt-4 text-center small text-muted">&copy; Keycloak Authors 2023. &copy; 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage">Trademark Usage page</a>.</p>
+    </footer>
+</div>
+
+</body>
+</html>
diff --git a/archive/documentation-24.0.html b/archive/documentation-24.0.html
index adefe971efe9..f649d0ec53b3 100644
--- a/archive/documentation-24.0.html
+++ b/archive/documentation-24.0.html
@@ -74,7 +74,7 @@ <h2 class="mt-4">Guides</h2>
     <tbody>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/release_notes/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/release_notes/index.html" target="_blank">
                 Release Notes
             </a>
         </td>
@@ -113,7 +113,7 @@ <h2 class="mt-4">Guides</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/securing_apps/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/securing_apps/index.html" target="_blank">
                 Securing Applications and Services
             </a>
         </td>
@@ -123,7 +123,7 @@ <h2 class="mt-4">Guides</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/server_admin/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/server_admin/index.html" target="_blank">
                 Server Administration
             </a>
         </td>
@@ -133,7 +133,7 @@ <h2 class="mt-4">Guides</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/server_development/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/server_development/index.html" target="_blank">
                 Server Developer
             </a>
         </td>
@@ -143,7 +143,7 @@ <h2 class="mt-4">Guides</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/authorization_services/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/authorization_services/index.html" target="_blank">
                 Authorization Services
             </a>
         </td>
@@ -153,7 +153,7 @@ <h2 class="mt-4">Guides</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs/24.0.0/upgrading/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs/24.0.1/upgrading/index.html" target="_blank">
                 Upgrading
             </a>
         </td>
@@ -170,7 +170,7 @@ <h2 class="mt-4">API Documentation</h2>
     <tbody>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs-api/24.0.0/javadocs/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs-api/24.0.1/javadocs/index.html" target="_blank">
                 JavaDoc
             </a>
         </td>
@@ -180,7 +180,7 @@ <h2 class="mt-4">API Documentation</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs-api/24.0.0/rest-api/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs-api/24.0.1/rest-api/index.html" target="_blank">
                 Administration REST API
             </a>
         </td>
diff --git a/archive/downloads-24.0.1.html b/archive/downloads-24.0.1.html
new file mode 100644
index 000000000000..c6034d24df95
--- /dev/null
+++ b/archive/downloads-24.0.1.html
@@ -0,0 +1,278 @@
+
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <title>Downloads 24.0.1 - Keycloak</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="Keycloak is an open source identity and access management solution">
+    <meta name="author" content="Keycloak Team">
+    <meta name="keywords" content="sso,idm,openid connect,saml,kerberos,ldap">
+
+    <meta name="robots" content="noindex">
+
+    
+
+    <link href="https://www.keycloak.org/resources/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://www.keycloak.org/resources/@fortawesome/fontawesome-free/css/all.min.css" rel="stylesheet">
+    <link href="https://www.keycloak.org/resources/css/keycloak.css" rel="stylesheet">
+
+    <link rel="shortcut icon" href="https://www.keycloak.org/resources/favicon.ico">
+
+    <script src="https://www.keycloak.org/resources/js/ga.js" type="text/javascript"></script>
+    <script src="https://www.keycloak.org/resources/bootstrap/dist/js/bootstrap.min.js" type="text/javascript"></script>
+    <script src="https://www.keycloak.org/resources/tocbot/dist/tocbot.min.js" type="text/javascript"></script>
+</head>
+<body>
+
+<header class="navbar navbar-expand-md bg-light shadow-sm">
+<nav class="container-xxl flex-wrap flex-md-no-wrap navbar-light">
+    <a class="navbar-brand me-5" href="https://www.keycloak.org/">
+        <img class="img-fluid" src="https://www.keycloak.org/resources/images/logo.svg" width="240" alt="Keycloak"/>
+    </a>
+    <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
+      <span class="fa fa-bars fa-lg px-1 py-2"></span>
+    </button>
+    <div class="collapse navbar-collapse" id="navbarCollapse">
+      <ul class="navbar-nav flex-row flex-wrap bd-navbar-nav pt-2 py-md-0">
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/guides">Guides</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/documentation">Docs</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link active" href="https://www.keycloak.org/downloads">Downloads</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/community">Community</a>
+        </li>
+        <li class="nav-item col-6 col-md-auto">
+          <a class="nav-link " href="https://www.keycloak.org/blog">Blog</a>
+        </li>
+      </ul>
+    </div>
+</nav>
+</header>
+
+
+<div class="container mt-5">
+    <h1>Downloads <span class="badge bg-primary">24.0.1</span></h1>
+
+    <nav aria-label="breadcrumb">
+    <ol class="breadcrumb">
+        <li class="breadcrumb-item"><a href="../downloads.html">Downloads</a></li>
+        <li class="breadcrumb-item"><a href="../downloads-archive.html">Archive</a></li>
+        <li class="breadcrumb-item active">24.0.1</li>
+    </ol>
+    </nav>
+
+
+<h2 class="mt-4">Server</h2>
+
+<table class="table table-bordered table-striped">
+    <tbody>
+    <tr>
+        <td>Keycloak</td>
+        <td>Distribution powered by Quarkus</td>
+        <td>
+<span class="me-4">
+<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.zip" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    ZIP
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.zip.sha1" target="_blank">sha1</a>)
+</span>
+<span>
+<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    TAR.GZ
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
+</span>
+        </td>
+    </tr>
+    <tr>
+        <td>Container image</td>
+        <td>For Docker, Podman, Kubernetes and OpenShift</td>
+        <td>
+            <a href="https://quay.io/repository/keycloak/keycloak" target="_blank">
+                <i class="fa fa-link"></i>
+                Quay
+            </a>
+        </td>
+    </tr>
+    <tr>
+        <td>Operator</td>
+        <td>For Kubernetes and OpenShift</td>
+        <td>
+            <a href="https://operatorhub.io/operator/keycloak-operator" target="_blank">
+                <i class="fa fa-link"></i>
+                OperatorHub
+            </a>
+        </td>
+    </tr>
+    </tbody>
+</table>
+
+<h2 class="mt-4">Quickstarts</h2>
+<table class="table table-bordered table-striped">
+    <tbody>
+
+    <tr>
+        <td>Quickstarts distribution</td>
+        <td>
+            <span class="me-4">
+
+            <a onclick="dl('examples', 'quickstarts');" href="https://github.com/keycloak/keycloak-quickstarts/tree/24.0.1" target="_blank">
+                <i class="fab fa-github" aria-hidden="true"></i>
+                GitHub
+            </a>
+            </span>
+            <span>
+            <a onclick="dl('examples', 'quickstarts');" href="https://github.com/keycloak/keycloak-quickstarts/archive/latest.zip" target="_blank">
+                <i class="fa fa-download" aria-hidden="true"></i>
+                ZIP
+            </a>
+            </span>
+        </td>
+    </tr>
+    </tbody>
+</table>
+
+
+<h2 class="mt-4">Client Adapters</h2>
+
+<div>
+    <ul class="nav nav-tabs my-3" role="tablist">
+        <li role="presentation" class="nav-item"><a class="nav-link active" href="#oidc" aria-controls="oidc" role="tab" data-bs-toggle="tab">OpenID Connect</a></li>
+        <li role="presentation" class="nav-item"><a class="nav-link" href="#saml" aria-controls="saml" role="tab" data-bs-toggle="tab">SAML 2.0</a></li>
+    </ul>
+
+    <div class="tab-content">
+        <div role="tabpanel" class="tab-pane active margin-top" id="oidc">
+            <table class="table table-bordered table-striped">
+                <tr>
+                    <td>JavaScript</td>
+                    <td>
+                        <table class="kc-table-downloads-inner">
+                            <tr>
+                                <td></td>
+                                <td>
+                                    <span class="me-4">
+                                    <a href="https://www.npmjs.com/package/keycloak-js/v/24.0.1" target="_blank">
+                                        <i class="fa fa-link"></i> NPM
+                                    </a>
+                                    </span>
+<span class="me-4">
+<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.zip" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    ZIP
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
+</span>
+<span>
+<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.tar.gz" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    TAR.GZ
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
+</span>
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+                <tr>
+                    <td>Node.js <b>[DEPRECATED]</b></td>
+                    <td>
+                        <table class="kc-table-downloads-inner">
+                            <tr>
+                                <td></td>
+                                <td>
+                                    <a href="https://www.npmjs.com/package/keycloak-connect/v/24.0.1" target="_blank">
+                                        <i class="fa fa-link"></i> NPM
+                                    </a>
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+                <tr>
+                    <td>Tomcat <b>[DEPRECATED]</b></td>
+                    <td>
+                        <table class="kc-table-downloads-inner">
+                            <tr>
+                                <td>8, 9</td>
+                                <td>
+<span class="me-4">
+<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.zip" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    ZIP
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
+</span>
+<span>
+<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.tar.gz" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    TAR.GZ
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
+</span>
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div role="tabpanel" class="tab-pane margin-top" id="saml">
+            <table class="table table-bordered table-striped">
+                <tbody>
+                <tr>
+                    <td>Tomcat <b>[DEPRECATED]</b></td>
+                    <td>
+                        <table class="kc-table-downloads-inner">
+                            <tr>
+                                <td>8, 9</td>
+                                <td>
+<span class="me-4">
+<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.zip" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    ZIP
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
+</span>
+<span>
+<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.tar.gz" target="_blank">
+    <i class="fa fa-download" aria-hidden="true"></i>
+    TAR.GZ
+</a>
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
+</span>
+                                </td>
+                            </tr>
+                        </table>
+                    </td>
+                </tr>
+                </tbody>
+            </table>
+        </div>
+    </div>
+</div>
+</div>
+
+<div class="container mt-5">
+    <footer class="py-3 my-4 border-top">
+        <p class="text-center text-muted">Keycloak is a Cloud Native Computing Foundation incubation project</p>
+        <div class="text-center">
+            <img alt="Cloud Native Computing Foundation" src="https://www.keycloak.org/resources/images/cncf_logo.png"/>
+        </div>
+        <p class="mt-4 text-center small text-muted">&copy; Keycloak Authors 2023. &copy; 2023 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our <a href="https://www.linuxfoundation.org/trademark-usage">Trademark Usage page</a>.</p>
+    </footer>
+</div>
+
+</body>
+</html>
diff --git a/blog-archive.html b/blog-archive.html
index cad6a3170ac6..96bcfd453dd5 100644
--- a/blog-archive.html
+++ b/blog-archive.html
@@ -71,6 +71,11 @@ <h2>2024</h2>
 
             <h3>March</h3>
 
+        <ul>
+            <li><a href="2024/03/keycloak-2401-released.html">Keycloak 24.0.1 released</a></li>
+        </ul>
+
+
         <ul>
             <li><a href="2024/03/keycloak-2400-released.html">Keycloak 24.0.0 released</a></li>
         </ul>
diff --git a/blog.html b/blog.html
index 6715c2c61abc..1856f5884a3a 100644
--- a/blog.html
+++ b/blog.html
@@ -59,6 +59,18 @@
 <div class="jumbotron jumbotron-fluid bg-light kc-bg-triangles pt-4 pb-2">
     <div class="container">
         <div class="row">
+        <div class="col-sm-6">
+            <div class="card shadow-sm mb-4">
+                <div class="card-body">
+                    <h4 class="card-title">Keycloak 24.0.1 released</h4>
+                    <span class="card-subtitle fs-xsmall text-muted">
+                        05 March 2024
+                        
+                    </span>
+                    <a href="https://www.keycloak.org/2024/03/keycloak-2401-released" class="stretched-link link-dark"></a>
+                </div>
+            </div>
+        </div>
         <div class="col-sm-6">
             <div class="card shadow-sm mb-4">
                 <div class="card-body">
@@ -143,18 +155,6 @@ <h4 class="card-title">Keycloak 23.0.3 released</h4>
                 </div>
             </div>
         </div>
-        <div class="col-sm-6">
-            <div class="card shadow-sm mb-4">
-                <div class="card-body">
-                    <h4 class="card-title">Keycloak 23.0.2 released</h4>
-                    <span class="card-subtitle fs-xsmall text-muted">
-                        14 December 2023
-                        
-                    </span>
-                    <a href="https://www.keycloak.org/2023/12/keycloak-2302-released" class="stretched-link link-dark"></a>
-                </div>
-            </div>
-        </div>
         </div>
         <div class="row">
             <div class="col">
diff --git a/documentation.html b/documentation.html
index 0a433855725f..e9ef1e7c94f9 100644
--- a/documentation.html
+++ b/documentation.html
@@ -57,7 +57,7 @@
 
 
 <div class="container mt-5">
-    <h1>Documentation <span class="badge bg-primary">24.0.0</span></h1>
+    <h1>Documentation <span class="badge bg-primary">24.0.1</span></h1>
 
 <h2 class="mt-4">Guides</h2>
 
@@ -162,7 +162,7 @@ <h2 class="mt-4">API Documentation</h2>
     <tbody>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs-api/24.0.0/javadocs/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs-api/24.0.1/javadocs/index.html" target="_blank">
                 JavaDoc
             </a>
         </td>
@@ -172,7 +172,7 @@ <h2 class="mt-4">API Documentation</h2>
     </tr>
     <tr>
         <td>
-            <a href="https://www.keycloak.org/docs-api/24.0.0/rest-api/index.html" target="_blank">
+            <a href="https://www.keycloak.org/docs-api/24.0.1/rest-api/index.html" target="_blank">
                 Administration REST API
             </a>
         </td>
diff --git a/downloads-archive.html b/downloads-archive.html
index b0466fde30d9..d47d851c962e 100644
--- a/downloads-archive.html
+++ b/downloads-archive.html
@@ -67,6 +67,7 @@ <h1>Downloads archive</h1>
     </nav>
 
     <ul>
+        <li><a href="archive/downloads-24.0.1.html">24.0.1</a></li>
         <li><a href="archive/downloads-24.0.0.html">24.0.0</a></li>
         <li><a href="archive/downloads-23.0.7.html">23.0.7</a></li>
         <li><a href="archive/downloads-23.0.6.html">23.0.6</a></li>
diff --git a/downloads.html b/downloads.html
index 844f557a1471..fab68aa55622 100644
--- a/downloads.html
+++ b/downloads.html
@@ -57,7 +57,7 @@
 
 
 <div class="container mt-5">
-    <h1>Downloads <span class="badge bg-primary">24.0.0</span></h1>
+    <h1>Downloads <span class="badge bg-primary">24.0.1</span></h1>
 
     <p>
         For a list of community maintained extensions check out the <a href="extensions.html">Extensions</a> page.
@@ -73,18 +73,18 @@ <h2 class="mt-4">Server</h2>
         <td>Distribution powered by Quarkus</td>
         <td>
 <span class="me-4">
-<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-24.0.0.zip" target="_blank">
+<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.zip" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     ZIP
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-24.0.0.zip.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.zip.sha1" target="_blank">sha1</a>)
 </span>
 <span>
-<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-24.0.0.tar.gz" target="_blank">
+<a onclick="dl('server', 'standalone');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     TAR.GZ
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-24.0.0.tar.gz.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
 </span>
         </td>
     </tr>
@@ -156,23 +156,23 @@ <h2 class="mt-4">Client Adapters</h2>
                                 <td></td>
                                 <td>
                                     <span class="me-4">
-                                    <a href="https://www.npmjs.com/package/keycloak-js/v/24.0.0" target="_blank">
+                                    <a href="https://www.npmjs.com/package/keycloak-js/v/24.0.1" target="_blank">
                                         <i class="fa fa-link"></i> NPM
                                     </a>
                                     </span>
 <span class="me-4">
-<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-js-adapter-24.0.0.zip" target="_blank">
+<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.zip" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     ZIP
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-js-adapter-24.0.0.zip.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
 </span>
 <span>
-<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-js-adapter-24.0.0.tar.gz" target="_blank">
+<a onclick="dl('adapter', 'js');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.tar.gz" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     TAR.GZ
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-js-adapter-24.0.0.tar.gz.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-js-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
 </span>
                                 </td>
                             </tr>
@@ -186,7 +186,7 @@ <h2 class="mt-4">Client Adapters</h2>
                             <tr>
                                 <td></td>
                                 <td>
-                                    <a href="https://www.npmjs.com/package/keycloak-connect/v/24.0.0" target="_blank">
+                                    <a href="https://www.npmjs.com/package/keycloak-connect/v/24.0.1" target="_blank">
                                         <i class="fa fa-link"></i> NPM
                                     </a>
                                 </td>
@@ -202,18 +202,18 @@ <h2 class="mt-4">Client Adapters</h2>
                                 <td>8, 9</td>
                                 <td>
 <span class="me-4">
-<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-tomcat-adapter-24.0.0.zip" target="_blank">
+<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.zip" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     ZIP
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-tomcat-adapter-24.0.0.zip.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
 </span>
 <span>
-<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-tomcat-adapter-24.0.0.tar.gz" target="_blank">
+<a onclick="dl('adapter', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.tar.gz" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     TAR.GZ
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-oidc-tomcat-adapter-24.0.0.tar.gz.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-oidc-tomcat-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
 </span>
                                 </td>
                             </tr>
@@ -235,18 +235,18 @@ <h2 class="mt-4">Client Adapters</h2>
                                 <td>8, 9</td>
                                 <td>
 <span class="me-4">
-<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-saml-tomcat-adapter-24.0.0.zip" target="_blank">
+<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.zip" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     ZIP
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-saml-tomcat-adapter-24.0.0.zip.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.zip.sha1" target="_blank">sha1</a>)
 </span>
 <span>
-<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-saml-tomcat-adapter-24.0.0.tar.gz" target="_blank">
+<a onclick="dl('adapter-saml', 'tomcat');" href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.tar.gz" target="_blank">
     <i class="fa fa-download" aria-hidden="true"></i>
     TAR.GZ
 </a>
-(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-saml-tomcat-adapter-24.0.0.tar.gz.sha1" target="_blank">sha1</a>)
+(<a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-saml-tomcat-adapter-24.0.1.tar.gz.sha1" target="_blank">sha1</a>)
 </span>
                                 </td>
                             </tr>
diff --git a/getting-started/getting-started-docker.html b/getting-started/getting-started-docker.html
index 04795247769c..aa92f2b31dd9 100644
--- a/getting-started/getting-started-docker.html
+++ b/getting-started/getting-started-docker.html
@@ -91,7 +91,7 @@ <h2 id="_start_keycloak">Start Keycloak</h2>
 </div>
 <div class="listingblock">
 <div class="content">
-<pre class="highlight"><code class="language-bash" data-lang="bash">docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.0 start-dev</code></pre>
+<pre class="highlight"><code class="language-bash" data-lang="bash">docker run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.1 start-dev</code></pre>
 </div>
 </div>
 <div class="paragraph">
diff --git a/getting-started/getting-started-podman.html b/getting-started/getting-started-podman.html
index 2b1ebe105410..e4ba523ec0fe 100644
--- a/getting-started/getting-started-podman.html
+++ b/getting-started/getting-started-podman.html
@@ -91,7 +91,7 @@ <h2 id="_start_keycloak">Start Keycloak</h2>
 </div>
 <div class="listingblock">
 <div class="content">
-<pre class="highlight"><code class="language-bash" data-lang="bash">podman run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.0 start-dev</code></pre>
+<pre class="highlight"><code class="language-bash" data-lang="bash">podman run -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:24.0.1 start-dev</code></pre>
 </div>
 </div>
 <div class="paragraph">
diff --git a/getting-started/getting-started-zip.html b/getting-started/getting-started-zip.html
index 8953145bd08e..7e0cad019033 100644
--- a/getting-started/getting-started-zip.html
+++ b/getting-started/getting-started-zip.html
@@ -87,11 +87,11 @@ <h2 id="_before_you_start">Before you start</h2>
 <h2 id="_download_keycloak">Download Keycloak</h2>
 <div class="sectionbody">
 <div class="paragraph">
-<p>Download and extract <a href="https://github.com/keycloak/keycloak/releases/download/24.0.0/keycloak-24.0.0.zip">keycloak-24.0.0.zip</a>
+<p>Download and extract <a href="https://github.com/keycloak/keycloak/releases/download/24.0.1/keycloak-24.0.1.zip">keycloak-24.0.1.zip</a>
 from the Keycloak website.</p>
 </div>
 <div class="paragraph">
-<p>After extracting this file, you should have a directory that is named <code>keycloak-24.0.0</code>.</p>
+<p>After extracting this file, you should have a directory that is named <code>keycloak-24.0.1</code>.</p>
 </div>
 </div>
 </div>
@@ -101,7 +101,7 @@ <h2 id="_start_keycloak">Start Keycloak</h2>
 <div class="olist arabic">
 <ol class="arabic">
 <li>
-<p>From a terminal, open the <code>keycloak-24.0.0</code> directory.</p>
+<p>From a terminal, open the <code>keycloak-24.0.1</code> directory.</p>
 </li>
 <li>
 <p>Enter the following command:</p>
diff --git a/index.html b/index.html
index 6c10a6b942dc..5d0784dc8318 100644
--- a/index.html
+++ b/index.html
@@ -73,7 +73,7 @@ <h1 class="fs-xlarge">Open Source Identity and Access Management</h1>
                 <a class="btn btn-light btn-lg" href="https://www.keycloak.org/downloads">Download</a>
             </div>
             <div class="mt-1">
-                Latest release 24.0.0
+                Latest release 24.0.1
             </div>
         </div>
         <div class="col col-4 d-none d-lg-block">
@@ -88,13 +88,13 @@ <h1 class="fs-xlarge">Open Source Identity and Access Management</h1>
     <div class="row">
         <div class="col-md-1 col-sm-12 fw-bold">News</div>
         <div class="col">
-            <span class="badge bg-secondary">04 Mar</span> <a href="2024/03/keycloak-2400-released.html">Keycloak 24.0.0 released</a>
+            <span class="badge bg-secondary">05 Mar</span> <a href="2024/03/keycloak-2401-released.html">Keycloak 24.0.1 released</a>
         </div>
         <div class="col">
-            <span class="badge bg-secondary">22 Feb</span> <a href="2024/02/keycloak-2307-released.html">Keycloak 23.0.7 released</a>
+            <span class="badge bg-secondary">04 Mar</span> <a href="2024/03/keycloak-2400-released.html">Keycloak 24.0.0 released</a>
         </div>
         <div class="col">
-            <span class="badge bg-secondary">02 Feb</span> <a href="2024/02/keycloak-2306-released.html">Keycloak 23.0.6 released</a>
+            <span class="badge bg-secondary">22 Feb</span> <a href="2024/02/keycloak-2307-released.html">Keycloak 23.0.7 released</a>
         </div>
     </div>
 </div>
diff --git a/operator/installation.html b/operator/installation.html
index a21c833d637e..9bf5a879cd54 100644
--- a/operator/installation.html
+++ b/operator/installation.html
@@ -152,8 +152,8 @@ <h3 id="_installing_by_using_kubectl_without_operator_lifecycle_manager">Install
 <p>Install the CRDs by entering the following commands:</p>
 <div class="listingblock">
 <div class="content">
-<pre class="highlight"><code class="language-bash" data-lang="bash">kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.0/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
-kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.0/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml</code></pre>
+<pre class="highlight"><code class="language-bash" data-lang="bash">kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.1/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
+kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.1/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml</code></pre>
 </div>
 </div>
 </li>
@@ -161,7 +161,7 @@ <h3 id="_installing_by_using_kubectl_without_operator_lifecycle_manager">Install
 <p>Install the Keycloak Operator deployment by entering the following command:</p>
 <div class="listingblock">
 <div class="content">
-<pre class="highlight"><code class="language-bash" data-lang="bash">kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.0/kubernetes/kubernetes.yml</code></pre>
+<pre class="highlight"><code class="language-bash" data-lang="bash">kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/24.0.1/kubernetes/kubernetes.yml</code></pre>
 </div>
 </div>
 </li>
diff --git a/operator/realm-import.html b/operator/realm-import.html
index 285dd356ff7f..72e25ab6a643 100644
--- a/operator/realm-import.html
+++ b/operator/realm-import.html
@@ -121,7 +121,7 @@ <h3 id="_creating_a_realm_import_custom_resource">Creating a Realm Import Custom
 </div>
 <div class="paragraph">
 <p>This CR should be created in the same namespace as the Keycloak Deployment CR, defined in the field <code>keycloakCRName</code>.
-The <code>realm</code> field accepts a full <a href="https://www.keycloak.org/docs-api/24.0.0/rest-api/index.html#RealmRepresentation">RealmRepresentation</a>.</p>
+The <code>realm</code> field accepts a full <a href="https://www.keycloak.org/docs-api/24.0.1/rest-api/index.html#RealmRepresentation">RealmRepresentation</a>.</p>
 </div>
 <div class="paragraph">
 <p>The recommended way to obtain a <code>RealmRepresentation</code> is by leveraging the export functionality <a href="https://www.keycloak.org/server/importExport">Importing and Exporting Realms</a>.</p>
diff --git a/rss.xml b/rss.xml
index 4a7b966e7a18..f2ef3870dc31 100644
--- a/rss.xml
+++ b/rss.xml
@@ -9,23518 +9,1701 @@
   <language>en-us</language>
   <category>Keycloak/SSO/Identity and Access Management</category>
       <item>
-        <title>Keycloak 24.0.0 released</title>
-        <link>https://www.keycloak.org/2024/03/keycloak-2400-released</link>
+        <title>Keycloak 24.0.1 released</title>
+        <link>https://www.keycloak.org/2024/03/keycloak-2401-released</link>
         <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
 
     &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/03/keycloak-2401-released</guid>
+        <pubDate>Tue, 5 Mar 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 24.0.0 released</title>
+        <link>https://www.keycloak.org/2024/03/keycloak-2400-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/03/keycloak-2400-released</guid>
+        <pubDate>Mon, 4 Mar 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.7 released</title>
+        <link>https://www.keycloak.org/2024/02/keycloak-2307-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/02/keycloak-2307-released</guid>
+        <pubDate>Thu, 22 Feb 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.6 released</title>
+        <link>https://www.keycloak.org/2024/02/keycloak-2306-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/02/keycloak-2306-released</guid>
+        <pubDate>Fri, 2 Feb 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.5 released</title>
+        <link>https://www.keycloak.org/2024/01/keycloak-2305-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/01/keycloak-2305-released</guid>
+        <pubDate>Mon, 29 Jan 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.4 released</title>
+        <link>https://www.keycloak.org/2024/01/keycloak-2304-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2024/01/keycloak-2304-released</guid>
+        <pubDate>Mon, 8 Jan 2024 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Recover from site failures with a Multi-Site Setup</title>
+        <link>https://www.keycloak.org/2023/12/recover-site-failures</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;For a Customer Identity and Access Management (CIAM) system, high availability is essential as it is a single point for all systems where customers log in.
+For Keycloak 23, there is a new and updated High Availability guide describing multi-site setups.
+With detailed instructions and blueprints targeting cloud infrastructure, this is documented, tested, and ready to be tried out.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Read on to find out what is new, and take a peek behind the scenes how this setup has been evaluated, tested and improved.
+And finally, we are providing an outlook when this will no longer be a preview feature.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_improved_documentation_and_new_blueprints&quot;&gt;Improved documentation and new blueprints&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;The recent updates to Keycloak&amp;#8217;s multi-site setup mark a significant milestone.
+Keycloak 23 includes an &lt;a href=&quot;https://www.keycloak.org/high-availability/introduction&quot;&gt;opinionated guide&lt;/a&gt; on setting up Keycloak in a multi-site configuration including blueprints for a cloud setup.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;a class=&quot;image&quot; href=&quot;https://www.keycloak.org/high-availability/concepts-active-passive-sync&quot;&gt;&lt;img src=&quot;https://www.keycloak.org/resources/images/guides/high-availability/active-passive-sync.dio.svg&quot; alt=&quot;active passive sync.dio&quot;&gt;&lt;/a&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2024/03/keycloak-2400-released</guid>
-        <pubDate>Mon, 4 Mar 2024 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.7 released</title>
-        <link>https://www.keycloak.org/2024/02/keycloak-2307-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2024/02/keycloak-2307-released</guid>
-        <pubDate>Thu, 22 Feb 2024 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.6 released</title>
-        <link>https://www.keycloak.org/2024/02/keycloak-2306-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2024/02/keycloak-2306-released</guid>
-        <pubDate>Fri, 2 Feb 2024 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.5 released</title>
-        <link>https://www.keycloak.org/2024/01/keycloak-2305-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2024/01/keycloak-2305-released</guid>
-        <pubDate>Mon, 29 Jan 2024 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.4 released</title>
-        <link>https://www.keycloak.org/2024/01/keycloak-2304-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2024/01/keycloak-2304-released</guid>
-        <pubDate>Mon, 8 Jan 2024 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Recover from site failures with a Multi-Site Setup</title>
-        <link>https://www.keycloak.org/2023/12/recover-site-failures</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For a Customer Identity and Access Management (CIAM) system, high availability is essential as it is a single point for all systems where customers log in.
-For Keycloak 23, there is a new and updated High Availability guide describing multi-site setups.
-With detailed instructions and blueprints targeting cloud infrastructure, this is documented, tested, and ready to be tried out.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Read on to find out what is new, and take a peek behind the scenes how this setup has been evaluated, tested and improved.
-And finally, we are providing an outlook when this will no longer be a preview feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_improved_documentation_and_new_blueprints&quot;&gt;Improved documentation and new blueprints&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The recent updates to Keycloak&amp;#8217;s multi-site setup mark a significant milestone.
-Keycloak 23 includes an &lt;a href=&quot;https://www.keycloak.org/high-availability/introduction&quot;&gt;opinionated guide&lt;/a&gt; on setting up Keycloak in a multi-site configuration including blueprints for a cloud setup.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;a class=&quot;image&quot; href=&quot;https://www.keycloak.org/high-availability/concepts-active-passive-sync&quot;&gt;&lt;img src=&quot;https://www.keycloak.org/resources/images/guides/high-availability/active-passive-sync.dio.svg&quot; alt=&quot;active passive sync.dio&quot;&gt;&lt;/a&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The high-level topics of this documentation are:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;dlist&quot;&gt;
-&lt;dl&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_concept_and_building_block_overview&quot;&gt;Concept and building block overview&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;These guides include step-by-step instructions to bring up different components of the Keycloak multi-site architecture such as:&lt;/p&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;What does an active-passive setup with Keycloak architecture look like?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;How to use an external database?&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;How to tune the resources for each of these architectural components?&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_blueprints_for_building_blocks&quot;&gt;Blueprints for building blocks&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;A series of guides around how to deploy Keycloak in various configurations on Amazon Web Service.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_operational_procedures&quot;&gt;Operational procedures&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;These guides include detailed operational procedures, ensuring that users can set up and operate their multi-site Keycloak instances efficiently.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;/dl&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_validation_of_the_multi_site_setup&quot;&gt;Validation of the multi-site setup&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Before we published the guides above, we worked on the tooling that allows us both experimenting and getting reproducible results for performance, scalability and chaos testing our solution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With these tools, we tested first a single-site setup, and once that worked sufficiently well, also a multi-site setup.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;All these tools are available as open source, and we invite you to review them to give us feedback, and use them in your environment to run your own performance benchmark and regression tests:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;dlist&quot;&gt;
-&lt;dl&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/dataset-guide/latest/&quot;&gt;Dataset Provider&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Install this into a Keycloak server in a test environment, and create as many users, clients, groups, etc. as you need to run your performance benchmark.
-Keycloak caches a lot of information in its internal caches, and so does the database, so you will be able to spot some problems only when you have the right amount of data in your database.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/benchmark-guide/latest/&quot;&gt;Benchmark&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;This contains ready-to-be used scenarios for authentication flows and for Keycloak&amp;#8217;s admin REST endpoints.
-If it does not fit your needs yet, use it as a library to create your own Gatling scenarios based on existing and custom steps.
-These tests are deployed as a JAR and a shell script wrapper, so you will only need to install Java on your load runners and you are ready to go.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/benchmark-guide/latest/run/running-benchmark-ansible&quot;&gt;Dedicated EC2 load drivers&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Use these Ansible playbooks to spin up a set of EC2 instances to drive load against a Keycloak test installation, and aggregate the results.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/prerequisite/prerequisite-rosa&quot;&gt;Automated OpenShift installation on AWS&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Based on Red Hat OpenShift Service on AWS (ROSA), use the scripts to provision an instance with monitoring, logging and useful Operators preconfigured, ready to deploy Keycloak.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/storage/aurora-regional-postgres&quot;&gt;Automated Aurora installation&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Set up an Aurora in different variants regional or global, and connect it to a ROSA environment.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/openshift/&quot;&gt;Opinionated Keycloak deployment for Minikube or OpenShift&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;This deploys Keycloak with additional monitoring and debugging tools so we can look at metrics, logs and traces as needed&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/openshift/installation-route53-loadbalancer&quot;&gt;Scripted AWS Route 53 load balancer&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Set up Route 53 for an active-passive setup to distribute the load to two Keycloak deployments in different OpenShift clusters&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak-benchmark/blob/main/.github/workflows/rosa-multi-az-cluster-create.yml&quot;&gt;Scripted Multi-AZ deployment&lt;/a&gt;&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;Every weekday we create a new Multi-AZ setup from scratch using GitHub actions, a performance testsuite, and record the results.
-This way we catch functional and performance regressions as they occur.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;/dl&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thank you to everyone in the community who has already tried out these tools, found bugs and submitted ideas for improvements!&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_keycloak_got_better_for_everyone&quot;&gt;Keycloak got better for everyone&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When using the tools listed above, we were able to reproduce several situations where Keycloak needed to improve.
-Here are of the improvements which are available in Keycloak 23 for both single-site and multi-site setups:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;dlist&quot;&gt;
-&lt;dl&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Non-Blocking liveness probe&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;When running Keycloak under a high load, requests might queue up in a Keycloak instance.
-The more requests queue up, the longer it takes to reply to the requests.
-In previous versions also the requests to the liveness probe (&lt;code&gt;/health/live&lt;/code&gt;) were queued, and the probe eventually timed out, and then Kubernetes restarted the Pod.
-In the latest version of Keycloak, the probe is &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22109&quot;&gt;re-implemented to be non-blocking&lt;/a&gt;, so it will not queue, and therefore will not time out and the Pod is not restarted under a high load.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Load Shedding&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;When requests are queued as described above, the caller will not get a response in time, and the Pod might eventually run out of resources like memory or network connections.
-The recommended recipe is to drop requests early when an instance will not be able to serve the requests in time, which is called load shedding.
-Keycloak 23 now supports the &lt;a href=&quot;https://www.keycloak.org/server/configuration-production&quot;&gt;new option &lt;code&gt;http-max-queued-requests&lt;/code&gt;&lt;/a&gt; that can limit the number of concurrent blocking requests.
-When the number is exceeded, Keycloak immediately returns the response &lt;code&gt;503 Server not Available&lt;/code&gt;.
-This has two benefits: The caller receives an immediate response and can retry later, and resources are freed on the server side immediately.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Prevented cache stampede for realms and clients&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;When a new Keycloak instance starts or restarts, its caches are empty.
-If under high load parallel requests arrive for the same realm or the same client on a node of Keycloak, previous versions of Keycloak loaded the data from the database in each parallel request.
-This caused a spike in database connection usage and an initial response delay.
-The same happens when a cache or realm entry in the cache is evicted, for example, because it was modified.
-The latest version of Keycloak prevents this so that each Keycloak instance will fetch the data from the database once, and all other parallel requests then use this data without querying the database again (see &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21521&quot;&gt;#21521&lt;/a&gt; and &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22988&quot;&gt;#22988&lt;/a&gt;, &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt;).&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Align the number of JGroup threads with the number of Quarkus threads&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;The more Keycloak instances run in a cluster, and the more requests are processed in parallel, the higher is the load on the JGroups thread pool.
-The JGroups thread pool ensures smooth communication for the embedded Infinispan of Keycloak, and could lead to timeouts on the internal Infinispan communications if its capacity is exceeded.
-The high-availability docs now contain documentation on &lt;a href=&quot;https://www.keycloak.org/high-availability/concepts-threads&quot;&gt;how to set the Quarkus thread pool to not exceed the JGroup thread pool&lt;/a&gt;.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Improved Infinispan Metrics&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;The embedded Infinispan provides improved metrics that allow you to monitor your cluster.
-The metrics exposed by the Keycloak&amp;#8217;s metrics endpoint now contain only Infinispan metrics for the current node, so they will not block if another Pod is currently starting up or shutting down (&lt;a href=&quot;https://issues.redhat.com/browse/ISPN-15042&quot;&gt;ISPN-15042&lt;/a&gt; and &lt;a href=&quot;https://issues.redhat.com/browse/ISPN-15072&quot;&gt;ISPN-15072&lt;/a&gt;).
-This way you have better visibility of your cluster during those critical moments.
-The metrics can now expose the cache names as labels, so they can be plotted simpler in dashboards by adding a &lt;code&gt;&amp;lt;metrics names-as-tags=&quot;true&quot; /&amp;gt;&lt;/code&gt; to the Infinispan XML configuration.
-Additional metrics are available for the latencies between sites.&lt;/p&gt;
-&lt;/dd&gt;
-&lt;dt class=&quot;hdlist1&quot;&gt;Reliable Infinispan operations&lt;/dt&gt;
-&lt;dd&gt;
-&lt;p&gt;We tested Infinispan and its communication layer JGroups thoroughly, and we were able to fix situations where a state transfer stalled (&lt;a href=&quot;https://issues.redhat.com/browse/ISPN-14982&quot;&gt;ISPN-14982&lt;/a&gt;), or an initial state transfer failed.
-The Gossip router used in the multi-site setup now works even in situations where a load balancer has multiple IP addresses (&lt;a href=&quot;https://issues.redhat.com/browse/JGRP-2722&quot;&gt;JGRP-2722&lt;/a&gt;, &lt;a href=&quot;https://issues.redhat.com/browse/JGRP-2721&quot;&gt;JGRP-2721&lt;/a&gt;, &lt;a href=&quot;https://github.com/infinispan/infinispan-operator/issues/1857&quot;&gt;infinispan-operator#1857&lt;/a&gt;, and &lt;a href=&quot;https://github.com/infinispan/infinispan-operator/issues/1856&quot;&gt;infinispan-operator#1856&lt;/a&gt;).&lt;/p&gt;
-&lt;/dd&gt;
-&lt;/dl&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_can_the_blueprints_or_scripts_be_used_in_production&quot;&gt;Can the blueprints or scripts be used in production?&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of the testing we did, we optimized Keycloak and those optimizations are built into Keycloak.
-They are available without the need for additional configuration except for the JGroup thread pool configuration.
-While the configuration of Keycloak on Kubernetes might match a production environment quite closely, we expect the database, network, load balancer and security hardening to be different in every organization, so you will need to adapt it to your needs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This is why we chose to document the blueprints as text, so you can learn about the choices we made and why different aspects are configured in one setup, while others are at their default settings.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The scripts we use for the automated setup in the Keycloak Benchmark project focus on high availability and mix this with configurations that are simple to debug and analyze from an engineering perspective.
-A production-ready setup would not have that functionality, so we do not recommend using the scripts as is.
-Still, they can serve as a starting point for your own automation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_read_the_guides_and_give_it_a_try&quot;&gt;Read the guides and give it a try!&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;At the moment, we are running the final tests for an active/passive setup and work toward automating more tests.
-We are also looking for feedback from the community in this &lt;a href=&quot;https://github.com/keycloak/keycloak/discussions/25269&quot;&gt;GitHub discussion on multi-site setups&lt;/a&gt;: Do you like what you see here?
-Is something missing?
-Your feedback is essential!&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Once our tests are complete, and we receive feedback from the community, we plan to make it a fully supported feature.
-This is a huge opportunity for the community to engage with this setup, try it in your environment, and share your findings.
-Let&amp;#8217;s build a stronger and more resilient Keycloak together!&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/12/recover-site-failures</guid>
-        <pubDate>Mon, 18 Dec 2023 00:00:00 GMT</pubDate>
-        
-        <author>Alexander Schwartz, Kamesh Akella</author>
-      </item>
-      <item>
-        <title>Keycloak 23.0.3 released</title>
-        <link>https://www.keycloak.org/2023/12/keycloak-2303-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/12/keycloak-2303-released</guid>
-        <pubDate>Fri, 15 Dec 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.2 released</title>
-        <link>https://www.keycloak.org/2023/12/keycloak-2302-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/12/keycloak-2302-released</guid>
-        <pubDate>Thu, 14 Dec 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Join Keycloak Developer Day: A Celebration of Innovation and Community!</title>
-        <link>https://www.keycloak.org/2023/12/keycloak-dev-day-24</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Are you passionate about Keycloak and eager to dive deeper into this incredible Open Source IAM solution?
-Then don’t miss &lt;a href=&quot;https://keycloak-day.dev&quot;&gt;Keycloak Developer Day&lt;/a&gt; – a one-day, community-driven conference in Frankfurt/Main Germany in February 2024, dedicated to Keycloak and its vibrant community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_community_event_to_celebrate_keycloak&quot;&gt;Community Event to celebrate Keycloak&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/dasniko&quot;&gt;Niko&lt;/a&gt; and &lt;a href=&quot;https://github.com/srose&quot;&gt;I (Sebastian)&lt;/a&gt; have been active in the Keycloak community for years and have been using Keycloak in many customer projects.
-We co-organize the Java User Group Darmstadt, and participate in community events like the JavaLand conference.
-Now we want to take the next step: Create a special event to celebrate and explore the vast possibilities of Keycloak.
-We&amp;#8217;re thrilled to invite you to be part of this exciting first occasion, the Keycloak Developer Day 2024!&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_tailored_for_users_of_keycloak&quot;&gt;Tailored for users of Keycloak&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We&amp;#8217;re calling everyone using Keycloak in their day-to-day work – whether you&amp;#8217;re tackling operational challenges, brainstorming innovative solutions to unique use-cases, or just curious about the future of IAM – to join us.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Expect a day filled with insightful talks, hands-on workshops, and plenty of opportunities to network with fellow Keycloak enthusiasts and Keycloak maintainers.
-The feature set of Keycloak is as vast as it is impressive, promising a rich array of topics to explore.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_book_your_ticket_online&quot;&gt;Book your ticket online&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Don&amp;#8217;t miss this unique opportunity to connect, share, and grow with the Keycloak community.
-Book your ticket today at &lt;a href=&quot;https://keycloak-day.dev&quot;&gt;keycloak-day.dev&lt;/a&gt; and join us in celebrating Keycloak!&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/12/keycloak-dev-day-24</guid>
-        <pubDate>Mon, 11 Dec 2023 00:00:00 GMT</pubDate>
-        
-        <author>Sebastian Rose</author>
-      </item>
-      <item>
-        <title>Keycloak 23.0.1 released</title>
-        <link>https://www.keycloak.org/2023/11/keycloak-2301-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/11/keycloak-2301-released</guid>
-        <pubDate>Wed, 29 Nov 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 23.0.0 released</title>
-        <link>https://www.keycloak.org/2023/11/keycloak-2300-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Highlights&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/11/keycloak-2300-released</guid>
-        <pubDate>Thu, 23 Nov 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Developer Certificate of Origin</title>
-        <link>https://www.keycloak.org/2023/10/dco</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For any Open Source project, it is important that any contributions contain code that can legally be contributed to the
-project, and that the project has the right to distribute it under its license. There are many ways to achieve this,
-where two popular approaches are Developer Certificate of Origin (DCO) and Contributor License Agreement (CLA).&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;&lt;a href=&quot;https://developercertificate.org/&quot;&gt;Developer Certificate of Origin (DCO)&lt;/a&gt; is the most lightweight approach, which
-requires contributors to sign-off on individual commits that are part of a contribution. This is easily done by using
-the &lt;code&gt;--signoff&lt;/code&gt; (&lt;code&gt;-s&lt;/code&gt;) option when creating a commit. For example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;literalblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre&gt;git commit -s -m &quot;Description of the commit&quot;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This adds a &lt;code&gt;Signed-off-by&lt;/code&gt; statement at the end of the commit, where the contributor certifies they are following the
-agreement laid out in the &lt;a href=&quot;https://developercertificate.org/&quot;&gt;Developer Certificate of Origin (DCO)&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Contributor License Agreement (CLA), on the other hand, is a more complicated approach. As part of CLA, any contributors
-are required to sign an upfront agreement with the project before making any contributions. This provides a higher
-barrier for contributors, and also a higher cost for the Open Source Project as it has to maintain a list of approved
-contributors with a corresponding maintained archive of agreements.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For Keycloak we decided to go with DCO as we believe it is much simpler both for contributors as well as maintainers.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are interested in learning more about CLA vs DCO,
-&lt;a href=&quot;https://opensource.com/article/18/3/cla-vs-dco-whats-difference&quot;&gt;opensource.com has an excellent article on the subject&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/10/dco</guid>
-        <pubDate>Tue, 31 Oct 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stian Thorgersen</author>
-      </item>
-      <item>
-        <title>Keycloak 22.0.5 released</title>
-        <link>https://www.keycloak.org/2023/10/keycloak-2205-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/10/keycloak-2205-released</guid>
-        <pubDate>Tue, 24 Oct 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Announcement: Discontinuation of Keycloak's Map Store</title>
-        <link>https://www.keycloak.org/2023/10/map-store-removal</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Dear Keycloak community,&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For the past two years, the Keycloak store team has been working on a &lt;a href=&quot;https://github.com/keycloak/keycloak-community/blob/main/design/keycloak.x/storage.md&quot;&gt;replacement for the storage layer&lt;/a&gt;, which became known as the Map Store. Despite the successful development of many features, such as a new JPA storage layer with some no downtime capabilities, a new Hot Rod storage layer, flexible configuration, among others, the amount of work remaining for the store to be fully operational and supported is still quite significant. There is still a lot of uncertainty and risk involved in getting to the point where the store is production ready and able to provide enough value for users to migrate to it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To give more context, the new Map Store still lacks support for databases other than PostgreSQL and CockroachDB, a caching layer, implementation of the tree store that ties all the stores together, a migration strategy to Map Store, thorough testing, among other things. Each of these items is complex, require a significant amount of development and testing time, and carry risks of their own.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This situation, combined with the need to address existing issues and demands in the storage area now rather than in a somewhat distant future, led us to the tough decision to stop any development in the Map Store. Instead the team will focus on improving the capabilities of the current store and deliver these improvements in smaller chunks and quicker iterations. One of these improvements is to fully support a high availability setup for Keycloak spanning multiple data centers and regions, also known as cross-DC support. While this has been a preview feature in the past, this should now become fully supported in a future release and include guides on how to configure different parts in a cloud environment.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The experience we gained from the Map Store development won’t be wasted though, as the ideas and experiments that worked well in the Map Store are all natural candidates for enhancements in the storage area. Still the Map Store will be entirely removed from the main codebase. Having two different storage implementations is greatly complicating the maintenance process and also making it more difficult for users and other teams to work with the store as they need to understand how to operate on two very different implementations.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_whats_next&quot;&gt;What&amp;#8217;s next?&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For the time being, the Map Store will be available in a separate branch, yet to be created. It will exist mainly to provide us with a way to fetch bits and pieces that can be valuable to the current store. Then, you can expect the gradual removal of the Map Storage bits from the codebase starting with Keycloak 23. This encompasses, among other things, closing the Map Storage issues on Github, removal of Map Store CLI options, and removal of the Map Store modules.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the near to mid-term future, the store team will continue to focus on cross-DC and some selected smaller improvements/refactorings for the current store. We will prioritize working on highly voted issues and pull requests provided by the community. In parallel, the plan is to develop a roadmap for features and capabilities that we want to bring to the Keycloak store after wrapping up the cross-DC work, and then share this roadmap so it can be discussed and prioritized according to the community&amp;#8217;s feedback.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would also like to thank the Keycloak community for the engagement and feedback during the development of the Map Store. We know that discarding a significant amount of work is not ideal, but we are confident that this decision is the most beneficial for Keycloak and its users in the long run as it will allow us to deliver meaningful value quicker. The team remains focused on improving the store layer and is looking forward to meeting all the challenges ahead.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak Store Team&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/10/map-store-removal</guid>
-        <pubDate>Tue, 17 Oct 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stefan Guilhen</author>
-      </item>
-      <item>
-        <title>Reactivating Discourse</title>
-        <link>https://www.keycloak.org/2023/10/reactivating-discourse</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in June, we decided to sunset Discourse as one of our communication
-channels, as outlined in our
-&lt;a href=&quot;https://www.keycloak.org/2023/06/sunsetting-discourse.html&quot;&gt;previous announcement&lt;/a&gt;.
-However, after careful consideration and understanding the impact this decision
-had on our community, we have chosen to revert it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Firstly, we want to acknowledge that our first goal has always been to seek the
-best for our community. While we strive to make the right decisions, we recognize
-that we are not perfect. We apologize for any inconvenience our initial decision
-may have caused, and appreciate the feedback received from many of you.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We are happy to announce that
-&lt;a href=&quot;https://keycloak.discourse.group/u/dasniko&quot;&gt;Niko&lt;/a&gt; and
-&lt;a href=&quot;https://keycloak.discourse.group/u/xgp&quot;&gt;Garth&lt;/a&gt; have kindly volunteered to moderate
-Discourse. Their commitment makes it possible for us to reactivate the forum.
-Without their support, especially given the multiple communication channels we
-manage, this would not have been possible.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the future, we will ensure to be transparent about decisions that impact our
-users on Discourse. Thank you for your understanding, patience, and continued
-support.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak Team&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/10/reactivating-discourse</guid>
-        <pubDate>Mon, 16 Oct 2023 00:00:00 GMT</pubDate>
-        
-        <author>Bruno Oliveira</author>
-      </item>
-      <item>
-        <title>Meet Keycloak at KubeCon Chicago in Nov 2023</title>
-        <link>https://www.keycloak.org/2023/10/keycloak-kubeconf-chicago</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We are thrilled to announce that Keycloak will be at KubeCon Chicago 2023. There are several Keycloak specific sessions lined up during this Conference, and we will be hosting a Kiosk at the Project Pavilion at KubeCon 2023 Chicago.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_what_is_kubecon&quot;&gt;What is KubeCon?&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As some of you might already know, KubeCon is a fast-growing Cloud Native tech conference that is expected to have 8,000 developers, architects, and technical leaders onsite as well as thousands of participants virtually.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;KubeCon Chicago will be held from Nov. 6th, 2023 through Nov. 9th, 2023, with many of the co-located events happening on Monday Nov 6th, 2023.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_keycloak_community_meet_greet_at_the_project_pavilion&quot;&gt;Keycloak community Meet &amp;amp; Greet at the Project Pavilion&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/ahus1&quot;&gt;Alexander Schwartz&lt;/a&gt;, &lt;a href=&quot;https://github.com/mhajas&quot;&gt;Michal Hajas&lt;/a&gt;, &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/kami619&quot;&gt;Kamesh Akella&lt;/a&gt; will be at the Keycloak kiosk at the Project Pavilion. This is a great chance to meet people who use Keycloak, contribute to Keycloak, take our survey about new Keycloak features, and get some cool swag!&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;&lt;strong&gt;Keycloak Kiosk opening hours:&lt;/strong&gt;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Tuesday, November 7: 10:30 - 3:30 PM CST&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wednesday, November 8: 10:30 - 2:00 PM CST&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Thursday, November 9: 10:30 - 12:30 PM CST&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_openshift_commons_gathering&quot;&gt;OpenShift Commons Gathering&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The OpenShift Commons Gathering happens on Monday (Nov. 6th, 2023) and builds connections and collaboration across OpenShift communities, projects and stakeholders. Some maintainers from the Keycloak development team will be here during the afternoon. This gives a chance for more community Keycloak maintainers, contributors, and users to meet and share their ideas or just hang out. Access to the OpenShift Commons event is free and does not require a paid KubeCon ticket, &lt;a href=&quot;https://commons.openshift.org/gatherings/kubecon-23-nov-6/&quot;&gt;still you’ll need to register on their website in advance&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_keycloak_specific_events_at_kubecon&quot;&gt;Keycloak specific events at KubeCon&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Below are some Keycloak specific events that the attendees both in-person and virtually can plan to attend.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Tuesday, November 7, 11:00am - 11:35am CST(UTC-6)&lt;br&gt;
-&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2mH/10-years-of-keycloak-whats-next-for-cloud-native-authentication-and-oidc-alexander-schwartz-red-hat-takashi-norimatsu-hitachi-ltd?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;10 Years of Keycloak - What&amp;#8217;s Next for Cloud-Native Authentication and OIDC?&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
-By Alexander Schwartz, Red Hat &amp;amp; Takashi Norimatsu, Hitachi, Ltd.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Tuesday, November 7, 11:55am - 12:30pm CST(UTC-6)&lt;br&gt;
-&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2ma/challenge-to-implementing-scalable-authorization-with-keycloak-yoshiyuki-tabata-hitachi-ltd?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Challenge to Implementing &amp;#8220;Scalable&amp;#8221; Authorization with Keycloak&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
-By Yoshiyuki Tabata, Hitachi, Ltd.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Tuesday, November 7, 2:30pm - 4:00pm CST(UTC-6)&lt;br&gt;
-&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2nt/contribfest-keycloak-accelerate-new-features-squash-bugs-and-learn-to-contribute-alexander-schwartz-michal-hajas-red-hat?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Contribfest: Keycloak - Accelerate New Features, Squash Bugs and Learn to Contribute&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
-By Alexander Schwartz &amp;amp; Michal Hajas, Red Hat&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Wednesday, November 8, 11:55am - 12:30pm CST(UTC-6)&lt;br&gt;
-&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2qR/beyond-passwords-keycloaks-contributions-to-iamidentity-and-access-management-security-soojin-lee-hoon-jo-megazone?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Beyond Passwords: Keycloak&amp;#8217;s Contributions to IAM (Identity and Access Management) + Security&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
-By Soojin Lee &amp;amp; Hoon Jo, Megazone&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We&amp;#8217;re preparing for KubeCon Chicago 2023 and can&amp;#8217;t wait to connect with our community. Mark your calendars and join us.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See you in Chicago!&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/10/keycloak-kubeconf-chicago</guid>
-        <pubDate>Tue, 10 Oct 2023 00:00:00 GMT</pubDate>
-        
-        <author>Kamesh Akella</author>
-      </item>
-      <item>
-        <title>Keycloak 22.0.4 released</title>
-        <link>https://www.keycloak.org/2023/10/keycloak-2204-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/10/keycloak-2204-released</guid>
-        <pubDate>Wed, 4 Oct 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 22.0.3 released</title>
-        <link>https://www.keycloak.org/2023/09/keycloak-2203-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/09/keycloak-2203-released</guid>
-        <pubDate>Tue, 12 Sep 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>2nd edition of the Keycloak book is out</title>
-        <link>https://www.keycloak.org/2023/09/book-2nd-edition</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We&amp;#8217;re pleased to announce that the 2nd edition of the Keycloak book is out, and available for
-&lt;a href=&quot;https://a.co/d/58BbJ96&quot;&gt;available for purchase on Amazon&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new edition has been updated to the latest release of Keycloak, making the book compatible with the newer Quarkus
-distribution of Keycloak, as well as the new administration console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are new to Keycloak this book brings an excellent guide to getting started with Keycloak, including how to secure
-a range of different application types with Keycloak.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;&lt;span class=&quot;image&quot;&gt;&lt;img src=&quot;https://www.keycloak.org/resources/images/blog/book-2nd-edition.png&quot; alt=&quot;Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications 2nd Edition&quot;&gt;&lt;/span&gt;&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/09/book-2nd-edition</guid>
-        <pubDate>Mon, 11 Sep 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stian Thorgersen</author>
-      </item>
-      <item>
-        <title>Keycloak 22.0.2 released</title>
-        <link>https://www.keycloak.org/2023/09/keycloak-2202-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/09/keycloak-2202-released</guid>
-        <pubDate>Mon, 11 Sep 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Senior Software Engineer Opening on Keycloak's Core Team!</title>
-        <link>https://www.keycloak.org/2023/08/keycloak-core-hiring</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Red Hat is looking for a Senior Software Engineer who is eager to contribute to the evolving landscape of Identity and Access Management through Keycloak. In addition to improving existing functionalities, you will have the opportunity to innovate and work on new features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you have a solid Java experience, a strong interest in security, thrive in a collaborative environment, and are keen to make a meaningful impact on the IAM landscape, &lt;a href=&quot;https://global-redhat.icims.com/jobs/100108/senior-software-engineer---identity-%26-access-management/job?mode=view&amp;amp;mobile=false&amp;amp;width=708&amp;amp;height=500&amp;amp;bga=true&amp;amp;needsRedirect=false&amp;amp;jan1offset=60&amp;amp;jun1offset=120&quot;&gt;we invite you to apply and become part of our team&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/08/keycloak-core-hiring</guid>
-        <pubDate>Tue, 29 Aug 2023 00:00:00 GMT</pubDate>
-        
-        <author>Bruno Oliveira</author>
-      </item>
-      <item>
-        <title>Keycloak 22.0.1 released</title>
-        <link>https://www.keycloak.org/2023/07/keycloak-2201-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/07/keycloak-2201-released</guid>
-        <pubDate>Tue, 18 Jul 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 22.0.0 released</title>
-        <link>https://www.keycloak.org/2023/07/keycloak-2200-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/07/keycloak-2200-released</guid>
-        <pubDate>Tue, 11 Jul 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Authorization Survey</title>
-        <link>https://www.keycloak.org/2023/07/authorization-survey</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Services dedicated to authorization are evolving rapidly. There is a steady establishment of policy languages, purpose-built for authorization, as well as a growing number of implementations of Google&amp;#8217;s &quot;Zanzibar&quot; whitepaper, their &lt;a href=&quot;https://research.google/pubs/pub48190/&quot;&gt;global, consistent authorization system&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To better understand how we should evolve Keycloak Authorization Services in this context, we&amp;#8217;d appreciate the opportunity to learn more about the Keycloak communities&#39; authorization use cases and experience, regardless of whether you&amp;#8217;ve used Keycloak Authorization Services before or if you use a different service for access management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Please consider filling out &lt;a href=&quot;https://forms.gle/MkaSXQ9NuaR24qZt9&quot;&gt;this brief, anonymous survey&lt;/a&gt; to help shape Keycloak&amp;#8217;s future authorization experience.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/07/authorization-survey</guid>
-        <pubDate>Thu, 6 Jul 2023 00:00:00 GMT</pubDate>
-        
-        <author>Alec Henninger</author>
-      </item>
-      <item>
-        <title>Survey - Cross-Site Replication in Keycloak</title>
-        <link>https://www.keycloak.org/2023/06/crossdc-survey</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak and Infinispan engineering teams are working together to bring Cross-Site Replication (CSR) to a fully
-supported state in future Keycloak releases, with Active/Passive support and Active/Active support.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to gather inputs on your expectations, requirements, use-cases and sizing of the target deployment
-environments for the CSR feature. Thanks in advance for filling out this survey form to help us better plan and deliver
-this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If your are interested in Active/Passive or Active/Active deployments of Keycloak please fill in
-&lt;a href=&quot;https://forms.gle/B5TogcX7WvgdeNKD6&quot;&gt;the survey&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/06/crossdc-survey</guid>
-        <pubDate>Fri, 30 Jun 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stian Thorgersen</author>
-      </item>
-      <item>
-        <title>Keycloak 21.1.2 released</title>
-        <link>https://www.keycloak.org/2023/06/keycloak-2112-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/06/keycloak-2112-released</guid>
-        <pubDate>Wed, 28 Jun 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>New Keycloak maintainer: Alexander Schwartz</title>
-        <link>https://www.keycloak.org/2023/06/alexander-schwartz</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We&amp;#8217;re delighted to announce &lt;a href=&quot;https://github.com/ahus1&quot;&gt;Alexander Schwartz&lt;/a&gt; as an official maintainer of Keycloak.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Alexander started contributing to Keycloak in 2015. He applied it in several customer installations and is maintaining the Dropwizard module for Keycloak. In January 2022, he joined Red Hat. Since then, he has contributed to Keycloak’s store and documentation and is the key contributor to the Keycloak benchmark project. He helped with Keycloak’s submission to CNCF, and represented Keycloak at KubeCon Amsterdam in April 2023. &lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;He has shown his commitment to the Keycloak community by collaborating on design discussions, participating in GitHub discussions, reviewing pull-requests, answering questions on the Keycloak mailing lists, contributing to new features, bug fixes and triaging GitHub issues.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak team is very excited to welcome Alexander as our new maintainer and long-time contributor.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/06/alexander-schwartz</guid>
-        <pubDate>Tue, 27 Jun 2023 00:00:00 GMT</pubDate>
-        
-        <author>Bruno Oliveira</author>
-      </item>
-      <item>
-        <title>Sunsetting Discourse</title>
-        <link>https://www.keycloak.org/2023/06/sunsetting-discourse</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Our community has grown and evolved significantly over time. This growth has
-been exciting to be a part of, but it has also presented new challenges. One of
-these challenges has been managing the multiple communication channels we
-have in place to engage with our community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Today, we have various channels available: Google Groups, GitHub Discussions,
-Slack, and Discourse. Each of these platforms has its strengths in fostering the
-open dialogue and collaboration. However, we have been unable to provide the
-level of attention and interaction we believe our community deserves.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With this in mind, we have decided that as of June 26, 2023, we will sunset
-Discourse as one of our communication channels. We understand the value
-that Discourse has brought to our community, but we believe that focusing our
-efforts on fewer communication channels will allow us to foster more
-meaningful conversations.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;What does this mean for Discourse users?&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;From June 26, 2023, users will no longer be able to create new posts on
-Discourse, but they can still access all the content and discussions that have
-been shared there. All the existing threads will be preserved as an archive,
-ensuring that the knowledge accumulated over the years is not lost.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For those who have been actively using Discourse, we understand that this
-transition might be challenging. We encourage users to join our conversations
-on &lt;a href=&quot;https://www.keycloak.org/community&quot;&gt;Google Groups, GitHub Discussions, and Slack&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/06/sunsetting-discourse</guid>
-        <pubDate>Wed, 21 Jun 2023 00:00:00 GMT</pubDate>
-        
-        <author>Bruno Oliveira</author>
-      </item>
-      <item>
-        <title>Keyconf 23</title>
-        <link>https://www.keycloak.org/2023/05/keyconf-23</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to invite you to the Keycloak conference Keyconf 23!&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The event will take place on June 16 in London. The details about this event together with the links for free registration are
-&lt;a href=&quot;https://www.eventbrite.co.uk/e/keyconf-23-tickets-621079815447&quot;&gt;here&lt;/a&gt;!&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keyconf conference takes place the day after the &lt;a href=&quot;https://whitehallmedia.co.uk/idmjun2023/&quot;&gt;IDM Identity Management&lt;/a&gt; conference. If you are interested in security in general, this is a good opportunity to join the both conferences.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/05/keyconf-23</guid>
-        <pubDate>Thu, 4 May 2023 00:00:00 GMT</pubDate>
-        
-        <author>Marek Posolda</author>
-      </item>
-      <item>
-        <title>New Keycloak maintainer: Sebastian Schuster</title>
-        <link>https://www.keycloak.org/2023/05/maintainer-sschu</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We are pleased to welcome &lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt; as an official maintainer of Keycloak.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Sebastian has contributed to Keycloak since 2019, when he convinced his company Bosch to use Keycloak for identity and
-access management. He has been active in the community providing help, taking part in discussions and contributing.
-Behind him, there is a whole team at Bosch providing more than 60 contributions over the last years in various areas.
-The declarative user profile was the most prominent feature contributed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;His company allows him to dedicate a considerable amount of time for Keycloak to help review contributions and reports
-and get involved in discussions. Since Sebastian has got experience operating Keycloak on a wide scale over several
-years, he will focus on topics around cloud-native and Keycloak operations like observability.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Not only will Sebastian on his own bring a lot of value to Keycloak, but he will also serve as an integration point for
-Bosch to enable more contributions from his team, allowing them to contribute more value to Keycloak in the future.&lt;/p&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/05/maintainer-sschu</guid>
-        <pubDate>Tue, 2 May 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stian Thorgersen</author>
-      </item>
-      <item>
-        <title>Keycloak 21.1.1 released</title>
-        <link>https://www.keycloak.org/2023/04/keycloak-2111-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/04/keycloak-2111-released</guid>
-        <pubDate>Wed, 26 Apr 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 21.1.0 released</title>
-        <link>https://www.keycloak.org/2023/04/keycloak-2110-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/04/keycloak-2110-released</guid>
-        <pubDate>Thu, 20 Apr 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Keycloak 21.0.2 released</title>
-        <link>https://www.keycloak.org/2023/03/keycloak-2102-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/03/keycloak-2102-released</guid>
-        <pubDate>Thu, 30 Mar 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
-        
-      </item>
-      <item>
-        <title>Update on deprecation of Keycloak adapters</title>
-        <link>https://www.keycloak.org/2023/03/adapter-deprecation-update</link>
-        <description>&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In 2022 we announced the deprecation of &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecating Keycloak adapters&lt;/a&gt;, with
-a plan to stop delivering most adapters in &lt;a href=&quot;https://www.keycloak.org/2022/03/releases.html&quot;&gt;Keycloak 19&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As we have not been able to make sufficient progress on finding alternatives and work on supporting material to help
-migrating away from Keycloak adapters we are extending the life of the Keycloak adapters.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The plan is still to eventually stop delivering bespoke Keycloak adapters in the future, but we will do this in a more gradual process than previous laid out.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We still strongly belive that the community as a whole are better served in the long run by us focusing more on the Keycloak server with full compliance and support for specifications such as OAuth 2.0 and OpenID Connect, and adding support for additional relevant extensions to the specifications.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We also believe by leaving the integration for various programming languages and frameworks to the relevant communities, the end result will be more extensive support, with more features and abilities, and last but not least better integrations and easy of use.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_oauth_2_0_and_openid_connect_adapters&quot;&gt;OAuth 2.0 and OpenID Connect adapters&lt;/h2&gt;
-&lt;div class=&quot;sectionbody&quot;&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java&quot;&gt;Java&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For Java applications there is now more than ever wide-spread support for OpenID Connect, where some examples include:&lt;/p&gt;
+&lt;p&gt;The high-level topics of this documentation are:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;dlist&quot;&gt;
+&lt;dl&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_concept_and_building_block_overview&quot;&gt;Concept and building block overview&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;These guides include step-by-step instructions to bring up different components of the Keycloak multi-site architecture such as:&lt;/p&gt;
 &lt;div class=&quot;ulist&quot;&gt;
 &lt;ul&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation&quot;&gt;Jakarta Security 3.0&lt;/a&gt; - OpenID Connect support in Jakarta EE 10&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/&quot;&gt;Elytron OIDC&lt;/a&gt; - OpenID Connect support in WildFly&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://quarkus.io/guides/security-openid-connect&quot;&gt;Quarkus OIDC&lt;/a&gt; - OpenID Connect support for Quarkus applications&lt;/p&gt;
+&lt;p&gt;What does an active-passive setup with Keycloak architecture look like?&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html&quot;&gt;Spring Security&lt;/a&gt; - OAuth and OpenID Connect support in Spring&lt;/p&gt;
+&lt;p&gt;How to use an external database?&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://www.pac4j.org/&quot;&gt;Pac4j&lt;/a&gt; - The Java security framework to protect all your web applications and web services&lt;/p&gt;
+&lt;p&gt;How to tune the resources for each of these architectural components?&lt;/p&gt;
 &lt;/li&gt;
 &lt;/ul&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Neither of these have support for Keycloak Authorization Services though, which is why we are planning to introduce a
-generic Java client libraries for Authorization Services that can be leveraged with other OpenID Connect client libraries.
-Expect this to be delivered in Keycloak 22.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak Java adapters will remain for a while though, at least towards the end of the year, but likely not be removed
-until early 2024. At the same time don&amp;#8217;t expect the adapters to be updated in terms of adding new features, enhancements, or supporting newer versions of
-Tomcat, Jetty, WildFly, or Spring.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_node_js&quot;&gt;Node.js&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We are still investigating alternatives for Node.js, so plan is available for those one just yet. Expect more information
-to come later in the year. Regardless of the alternative we will deliver support for Keycloak Authorization Services to
-Node.js.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak Node.js adapter will remain, at least towards the end of the year, but likely not be removed until early 2024.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_client_side_javascript&quot;&gt;Client-side JavaScript&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For now the Keycloak client-side JavaScript adapter remains, but we are looking into alternatives as well as the potential
-of completely overhauling our current adapter and continue maintaining and delivering this adapter.&lt;/p&gt;
-&lt;/div&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_blueprints_for_building_blocks&quot;&gt;Blueprints for building blocks&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;A series of guides around how to deploy Keycloak in various configurations on Amazon Web Service.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/high-availability/introduction#_operational_procedures&quot;&gt;Operational procedures&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;These guides include detailed operational procedures, ensuring that users can set up and operate their multi-site Keycloak instances efficiently.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;/dl&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;sect1&quot;&gt;
-&lt;h2 id=&quot;_saml_2_0&quot;&gt;SAML 2.0&lt;/h2&gt;
+&lt;h2 id=&quot;_validation_of_the_multi_site_setup&quot;&gt;Validation of the multi-site setup&lt;/h2&gt;
 &lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We are planning to continue supporting SAML 2.0 for WildFly and JBoss EAP in the long run, but support for Tomcat and
-Jetty are likely to be removed relatively soon.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;/div&gt;</description>
-        <guid>https://www.keycloak.org/2023/03/adapter-deprecation-update</guid>
-        <pubDate>Wed, 29 Mar 2023 00:00:00 GMT</pubDate>
-        
-        <author>Stian Thorgersen</author>
-      </item>
-      <item>
-        <title>Keycloak 21.0.1 released</title>
-        <link>https://www.keycloak.org/2023/03/keycloak-2101-released</link>
-        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
-
-    &lt;h2&gt;Release notes&lt;/h2&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
+&lt;p&gt;Before we published the guides above, we worked on the tooling that allows us both experimenting and getting reproducible results for performance, scalability and chaos testing our solution.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
+&lt;p&gt;With these tools, we tested first a single-site setup, and once that worked sufficiently well, also a multi-site setup.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;p&gt;All these tools are available as open source, and we invite you to review them to give us feedback, and use them in your environment to run your own performance benchmark and regression tests:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
+&lt;div class=&quot;dlist&quot;&gt;
+&lt;dl&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/dataset-guide/latest/&quot;&gt;Dataset Provider&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Install this into a Keycloak server in a test environment, and create as many users, clients, groups, etc. as you need to run your performance benchmark.
+Keycloak caches a lot of information in its internal caches, and so does the database, so you will be able to spot some problems only when you have the right amount of data in your database.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/benchmark-guide/latest/&quot;&gt;Benchmark&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;This contains ready-to-be used scenarios for authentication flows and for Keycloak&amp;#8217;s admin REST endpoints.
+If it does not fit your needs yet, use it as a library to create your own Gatling scenarios based on existing and custom steps.
+These tests are deployed as a JAR and a shell script wrapper, so you will only need to install Java on your load runners and you are ready to go.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/benchmark-guide/latest/run/running-benchmark-ansible&quot;&gt;Dedicated EC2 load drivers&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Use these Ansible playbooks to spin up a set of EC2 instances to drive load against a Keycloak test installation, and aggregate the results.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/prerequisite/prerequisite-rosa&quot;&gt;Automated OpenShift installation on AWS&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Based on Red Hat OpenShift Service on AWS (ROSA), use the scripts to provision an instance with monitoring, logging and useful Operators preconfigured, ready to deploy Keycloak.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/storage/aurora-regional-postgres&quot;&gt;Automated Aurora installation&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Set up an Aurora in different variants regional or global, and connect it to a ROSA environment.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/openshift/&quot;&gt;Opinionated Keycloak deployment for Minikube or OpenShift&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;This deploys Keycloak with additional monitoring and debugging tools so we can look at metrics, logs and traces as needed&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://www.keycloak.org/keycloak-benchmark/kubernetes-guide/latest/openshift/installation-route53-loadbalancer&quot;&gt;Scripted AWS Route 53 load balancer&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Set up Route 53 for an active-passive setup to distribute the load to two Keycloak deployments in different OpenShift clusters&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak-benchmark/blob/main/.github/workflows/rosa-multi-az-cluster-create.yml&quot;&gt;Scripted Multi-AZ deployment&lt;/a&gt;&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;Every weekday we create a new Multi-AZ setup from scratch using GitHub actions, a performance testsuite, and record the results.
+This way we catch functional and performance regressions as they occur.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;/dl&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
+&lt;p&gt;Thank you to everyone in the community who has already tried out these tools, found bugs and submitted ideas for improvements!&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_keycloak_got_better_for_everyone&quot;&gt;Keycloak got better for everyone&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;When using the tools listed above, we were able to reproduce several situations where Keycloak needed to improve.
+Here are of the improvements which are available in Keycloak 23 for both single-site and multi-site setups:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;dlist&quot;&gt;
+&lt;dl&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Non-Blocking liveness probe&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;When running Keycloak under a high load, requests might queue up in a Keycloak instance.
+The more requests queue up, the longer it takes to reply to the requests.
+In previous versions also the requests to the liveness probe (&lt;code&gt;/health/live&lt;/code&gt;) were queued, and the probe eventually timed out, and then Kubernetes restarted the Pod.
+In the latest version of Keycloak, the probe is &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22109&quot;&gt;re-implemented to be non-blocking&lt;/a&gt;, so it will not queue, and therefore will not time out and the Pod is not restarted under a high load.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Load Shedding&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;When requests are queued as described above, the caller will not get a response in time, and the Pod might eventually run out of resources like memory or network connections.
+The recommended recipe is to drop requests early when an instance will not be able to serve the requests in time, which is called load shedding.
+Keycloak 23 now supports the &lt;a href=&quot;https://www.keycloak.org/server/configuration-production&quot;&gt;new option &lt;code&gt;http-max-queued-requests&lt;/code&gt;&lt;/a&gt; that can limit the number of concurrent blocking requests.
+When the number is exceeded, Keycloak immediately returns the response &lt;code&gt;503 Server not Available&lt;/code&gt;.
+This has two benefits: The caller receives an immediate response and can retry later, and resources are freed on the server side immediately.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Prevented cache stampede for realms and clients&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;When a new Keycloak instance starts or restarts, its caches are empty.
+If under high load parallel requests arrive for the same realm or the same client on a node of Keycloak, previous versions of Keycloak loaded the data from the database in each parallel request.
+This caused a spike in database connection usage and an initial response delay.
+The same happens when a cache or realm entry in the cache is evicted, for example, because it was modified.
+The latest version of Keycloak prevents this so that each Keycloak instance will fetch the data from the database once, and all other parallel requests then use this data without querying the database again (see &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21521&quot;&gt;#21521&lt;/a&gt; and &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22988&quot;&gt;#22988&lt;/a&gt;, &lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt;).&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Align the number of JGroup threads with the number of Quarkus threads&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;The more Keycloak instances run in a cluster, and the more requests are processed in parallel, the higher is the load on the JGroups thread pool.
+The JGroups thread pool ensures smooth communication for the embedded Infinispan of Keycloak, and could lead to timeouts on the internal Infinispan communications if its capacity is exceeded.
+The high-availability docs now contain documentation on &lt;a href=&quot;https://www.keycloak.org/high-availability/concepts-threads&quot;&gt;how to set the Quarkus thread pool to not exceed the JGroup thread pool&lt;/a&gt;.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Improved Infinispan Metrics&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;The embedded Infinispan provides improved metrics that allow you to monitor your cluster.
+The metrics exposed by the Keycloak&amp;#8217;s metrics endpoint now contain only Infinispan metrics for the current node, so they will not block if another Pod is currently starting up or shutting down (&lt;a href=&quot;https://issues.redhat.com/browse/ISPN-15042&quot;&gt;ISPN-15042&lt;/a&gt; and &lt;a href=&quot;https://issues.redhat.com/browse/ISPN-15072&quot;&gt;ISPN-15072&lt;/a&gt;).
+This way you have better visibility of your cluster during those critical moments.
+The metrics can now expose the cache names as labels, so they can be plotted simpler in dashboards by adding a &lt;code&gt;&amp;lt;metrics names-as-tags=&quot;true&quot; /&amp;gt;&lt;/code&gt; to the Infinispan XML configuration.
+Additional metrics are available for the latencies between sites.&lt;/p&gt;
+&lt;/dd&gt;
+&lt;dt class=&quot;hdlist1&quot;&gt;Reliable Infinispan operations&lt;/dt&gt;
+&lt;dd&gt;
+&lt;p&gt;We tested Infinispan and its communication layer JGroups thoroughly, and we were able to fix situations where a state transfer stalled (&lt;a href=&quot;https://issues.redhat.com/browse/ISPN-14982&quot;&gt;ISPN-14982&lt;/a&gt;), or an initial state transfer failed.
+The Gossip router used in the multi-site setup now works even in situations where a load balancer has multiple IP addresses (&lt;a href=&quot;https://issues.redhat.com/browse/JGRP-2722&quot;&gt;JGRP-2722&lt;/a&gt;, &lt;a href=&quot;https://issues.redhat.com/browse/JGRP-2721&quot;&gt;JGRP-2721&lt;/a&gt;, &lt;a href=&quot;https://github.com/infinispan/infinispan-operator/issues/1857&quot;&gt;infinispan-operator#1857&lt;/a&gt;, and &lt;a href=&quot;https://github.com/infinispan/infinispan-operator/issues/1856&quot;&gt;infinispan-operator#1856&lt;/a&gt;).&lt;/p&gt;
+&lt;/dd&gt;
+&lt;/dl&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
 &lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_can_the_blueprints_or_scripts_be_used_in_production&quot;&gt;Can the blueprints or scripts be used in production?&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As part of the testing we did, we optimized Keycloak and those optimizations are built into Keycloak.
+They are available without the need for additional configuration except for the JGroup thread pool configuration.
+While the configuration of Keycloak on Kubernetes might match a production environment quite closely, we expect the database, network, load balancer and security hardening to be different in every organization, so you will need to adapt it to your needs.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
+&lt;p&gt;This is why we chose to document the blueprints as text, so you can learn about the choices we made and why different aspects are configured in one setup, while others are at their default settings.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;The scripts we use for the automated setup in the Keycloak Benchmark project focus on high availability and mix this with configurations that are simple to debug and analyze from an engineering perspective.
+A production-ready setup would not have that functionality, so we do not recommend using the scripts as is.
+Still, they can serve as a starting point for your own automation.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_read_the_guides_and_give_it_a_try&quot;&gt;Read the guides and give it a try!&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;At the moment, we are running the final tests for an active/passive setup and work toward automating more tests.
+We are also looking for feedback from the community in this &lt;a href=&quot;https://github.com/keycloak/keycloak/discussions/25269&quot;&gt;GitHub discussion on multi-site setups&lt;/a&gt;: Do you like what you see here?
+Is something missing?
+Your feedback is essential!&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
+&lt;p&gt;Once our tests are complete, and we receive feedback from the community, we plan to make it a fully supported feature.
+This is a huge opportunity for the community to engage with this setup, try it in your environment, and share your findings.
+Let&amp;#8217;s build a stronger and more resilient Keycloak together!&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
 &lt;/div&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/12/recover-site-failures</guid>
+        <pubDate>Mon, 18 Dec 2023 00:00:00 GMT</pubDate>
+        
+        <author>Alexander Schwartz, Kamesh Akella</author>
+      </item>
+      <item>
+        <title>Keycloak 23.0.3 released</title>
+        <link>https://www.keycloak.org/2023/12/keycloak-2303-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
-&lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/12/keycloak-2303-released</guid>
+        <pubDate>Fri, 15 Dec 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.2 released</title>
+        <link>https://www.keycloak.org/2023/12/keycloak-2302-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/12/keycloak-2302-released</guid>
+        <pubDate>Thu, 14 Dec 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Join Keycloak Developer Day: A Celebration of Innovation and Community!</title>
+        <link>https://www.keycloak.org/2023/12/keycloak-dev-day-24</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Are you passionate about Keycloak and eager to dive deeper into this incredible Open Source IAM solution?
+Then don’t miss &lt;a href=&quot;https://keycloak-day.dev&quot;&gt;Keycloak Developer Day&lt;/a&gt; – a one-day, community-driven conference in Frankfurt/Main Germany in February 2024, dedicated to Keycloak and its vibrant community.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_community_event_to_celebrate_keycloak&quot;&gt;Community Event to celebrate Keycloak&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;&lt;a href=&quot;https://github.com/dasniko&quot;&gt;Niko&lt;/a&gt; and &lt;a href=&quot;https://github.com/srose&quot;&gt;I (Sebastian)&lt;/a&gt; have been active in the Keycloak community for years and have been using Keycloak in many customer projects.
+We co-organize the Java User Group Darmstadt, and participate in community events like the JavaLand conference.
+Now we want to take the next step: Create a special event to celebrate and explore the vast possibilities of Keycloak.
+We&amp;#8217;re thrilled to invite you to be part of this exciting first occasion, the Keycloak Developer Day 2024!&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_tailored_for_users_of_keycloak&quot;&gt;Tailored for users of Keycloak&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;We&amp;#8217;re calling everyone using Keycloak in their day-to-day work – whether you&amp;#8217;re tackling operational challenges, brainstorming innovative solutions to unique use-cases, or just curious about the future of IAM – to join us.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Expect a day filled with insightful talks, hands-on workshops, and plenty of opportunities to network with fellow Keycloak enthusiasts and Keycloak maintainers.
+The feature set of Keycloak is as vast as it is impressive, promising a rich array of topics to explore.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_book_your_ticket_online&quot;&gt;Book your ticket online&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;Don&amp;#8217;t miss this unique opportunity to connect, share, and grow with the Keycloak community.
+Book your ticket today at &lt;a href=&quot;https://keycloak-day.dev&quot;&gt;keycloak-day.dev&lt;/a&gt; and join us in celebrating Keycloak!&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/12/keycloak-dev-day-24</guid>
+        <pubDate>Mon, 11 Dec 2023 00:00:00 GMT</pubDate>
+        
+        <author>Sebastian Rose</author>
+      </item>
+      <item>
+        <title>Keycloak 23.0.1 released</title>
+        <link>https://www.keycloak.org/2023/11/keycloak-2301-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/11/keycloak-2301-released</guid>
+        <pubDate>Wed, 29 Nov 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 23.0.0 released</title>
+        <link>https://www.keycloak.org/2023/11/keycloak-2300-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Highlights&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/11/keycloak-2300-released</guid>
+        <pubDate>Thu, 23 Nov 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Developer Certificate of Origin</title>
+        <link>https://www.keycloak.org/2023/10/dco</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;For any Open Source project, it is important that any contributions contain code that can legally be contributed to the
+project, and that the project has the right to distribute it under its license. There are many ways to achieve this,
+where two popular approaches are Developer Certificate of Origin (DCO) and Contributor License Agreement (CLA).&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;&lt;a href=&quot;https://developercertificate.org/&quot;&gt;Developer Certificate of Origin (DCO)&lt;/a&gt; is the most lightweight approach, which
+requires contributors to sign-off on individual commits that are part of a contribution. This is easily done by using
+the &lt;code&gt;--signoff&lt;/code&gt; (&lt;code&gt;-s&lt;/code&gt;) option when creating a commit. For example:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
+&lt;div class=&quot;literalblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre&gt;git commit -s -m &quot;Description of the commit&quot;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;This adds a &lt;code&gt;Signed-off-by&lt;/code&gt; statement at the end of the commit, where the contributor certifies they are following the
+agreement laid out in the &lt;a href=&quot;https://developercertificate.org/&quot;&gt;Developer Certificate of Origin (DCO)&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
+&lt;p&gt;Contributor License Agreement (CLA), on the other hand, is a more complicated approach. As part of CLA, any contributors
+are required to sign an upfront agreement with the project before making any contributions. This provides a higher
+barrier for contributors, and also a higher cost for the Open Source Project as it has to maintain a list of approved
+contributors with a corresponding maintained archive of agreements.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
+&lt;p&gt;For Keycloak we decided to go with DCO as we believe it is much simpler both for contributors as well as maintainers.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;If you are interested in learning more about CLA vs DCO,
+&lt;a href=&quot;https://opensource.com/article/18/3/cla-vs-dco-whats-difference&quot;&gt;opensource.com has an excellent article on the subject&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/10/dco</guid>
+        <pubDate>Tue, 31 Oct 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stian Thorgersen</author>
+      </item>
+      <item>
+        <title>Keycloak 22.0.5 released</title>
+        <link>https://www.keycloak.org/2023/10/keycloak-2205-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/10/keycloak-2205-released</guid>
+        <pubDate>Tue, 24 Oct 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Announcement: Discontinuation of Keycloak's Map Store</title>
+        <link>https://www.keycloak.org/2023/10/map-store-removal</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Dear Keycloak community,&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;For the past two years, the Keycloak store team has been working on a &lt;a href=&quot;https://github.com/keycloak/keycloak-community/blob/main/design/keycloak.x/storage.md&quot;&gt;replacement for the storage layer&lt;/a&gt;, which became known as the Map Store. Despite the successful development of many features, such as a new JPA storage layer with some no downtime capabilities, a new Hot Rod storage layer, flexible configuration, among others, the amount of work remaining for the store to be fully operational and supported is still quite significant. There is still a lot of uncertainty and risk involved in getting to the point where the store is production ready and able to provide enough value for users to migrate to it.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
+&lt;p&gt;To give more context, the new Map Store still lacks support for databases other than PostgreSQL and CockroachDB, a caching layer, implementation of the tree store that ties all the stores together, a migration strategy to Map Store, thorough testing, among other things. Each of these items is complex, require a significant amount of development and testing time, and carry risks of their own.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;This situation, combined with the need to address existing issues and demands in the storage area now rather than in a somewhat distant future, led us to the tough decision to stop any development in the Map Store. Instead the team will focus on improving the capabilities of the current store and deliver these improvements in smaller chunks and quicker iterations. One of these improvements is to fully support a high availability setup for Keycloak spanning multiple data centers and regions, also known as cross-DC support. While this has been a preview feature in the past, this should now become fully supported in a future release and include guides on how to configure different parts in a cloud environment.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
+&lt;p&gt;The experience we gained from the Map Store development won’t be wasted though, as the ideas and experiments that worked well in the Map Store are all natural candidates for enhancements in the storage area. Still the Map Store will be entirely removed from the main codebase. Having two different storage implementations is greatly complicating the maintenance process and also making it more difficult for users and other teams to work with the store as they need to understand how to operate on two very different implementations.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_whats_next&quot;&gt;What&amp;#8217;s next?&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;For the time being, the Map Store will be available in a separate branch, yet to be created. It will exist mainly to provide us with a way to fetch bits and pieces that can be valuable to the current store. Then, you can expect the gradual removal of the Map Storage bits from the codebase starting with Keycloak 23. This encompasses, among other things, closing the Map Storage issues on Github, removal of Map Store CLI options, and removal of the Map Store modules.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
-&lt;/div&gt;
+&lt;p&gt;In the near to mid-term future, the store team will continue to focus on cross-DC and some selected smaller improvements/refactorings for the current store. We will prioritize working on highly voted issues and pull requests provided by the community. In parallel, the plan is to develop a roadmap for features and capabilities that we want to bring to the Keycloak store after wrapping up the cross-DC work, and then share this roadmap so it can be discussed and prioritized according to the community&amp;#8217;s feedback.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;We would also like to thank the Keycloak community for the engagement and feedback during the development of the Map Store. We know that discarding a significant amount of work is not ideal, but we are confident that this decision is the most beneficial for Keycloak and its users in the long run as it will allow us to deliver meaningful value quicker. The team remains focused on improving the store layer and is looking forward to meeting all the challenges ahead.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
+&lt;p&gt;Keycloak Store Team&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/10/map-store-removal</guid>
+        <pubDate>Tue, 17 Oct 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stefan Guilhen</author>
+      </item>
+      <item>
+        <title>Reactivating Discourse</title>
+        <link>https://www.keycloak.org/2023/10/reactivating-discourse</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Back in June, we decided to sunset Discourse as one of our communication
+channels, as outlined in our
+&lt;a href=&quot;https://www.keycloak.org/2023/06/sunsetting-discourse.html&quot;&gt;previous announcement&lt;/a&gt;.
+However, after careful consideration and understanding the impact this decision
+had on our community, we have chosen to revert it.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
+&lt;p&gt;Firstly, we want to acknowledge that our first goal has always been to seek the
+best for our community. While we strive to make the right decisions, we recognize
+that we are not perfect. We apologize for any inconvenience our initial decision
+may have caused, and appreciate the feedback received from many of you.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
+&lt;p&gt;We are happy to announce that
+&lt;a href=&quot;https://keycloak.discourse.group/u/dasniko&quot;&gt;Niko&lt;/a&gt; and
+&lt;a href=&quot;https://keycloak.discourse.group/u/xgp&quot;&gt;Garth&lt;/a&gt; have kindly volunteered to moderate
+Discourse. Their commitment makes it possible for us to reactivate the forum.
+Without their support, especially given the multiple communication channels we
+manage, this would not have been possible.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
+&lt;p&gt;In the future, we will ensure to be transparent about decisions that impact our
+users on Discourse. Thank you for your understanding, patience, and continued
+support.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;The Keycloak Team&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/10/reactivating-discourse</guid>
+        <pubDate>Mon, 16 Oct 2023 00:00:00 GMT</pubDate>
+        
+        <author>Bruno Oliveira</author>
+      </item>
+      <item>
+        <title>Meet Keycloak at KubeCon Chicago in Nov 2023</title>
+        <link>https://www.keycloak.org/2023/10/keycloak-kubeconf-chicago</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;We are thrilled to announce that Keycloak will be at KubeCon Chicago 2023. There are several Keycloak specific sessions lined up during this Conference, and we will be hosting a Kiosk at the Project Pavilion at KubeCon 2023 Chicago.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_what_is_kubecon&quot;&gt;What is KubeCon?&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
+&lt;p&gt;As some of you might already know, KubeCon is a fast-growing Cloud Native tech conference that is expected to have 8,000 developers, architects, and technical leaders onsite as well as thousands of participants virtually.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;KubeCon Chicago will be held from Nov. 6th, 2023 through Nov. 9th, 2023, with many of the co-located events happening on Monday Nov 6th, 2023.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_keycloak_community_meet_greet_at_the_project_pavilion&quot;&gt;Keycloak community Meet &amp;amp; Greet at the Project Pavilion&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;&lt;a href=&quot;https://github.com/ahus1&quot;&gt;Alexander Schwartz&lt;/a&gt;, &lt;a href=&quot;https://github.com/mhajas&quot;&gt;Michal Hajas&lt;/a&gt;, &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/kami619&quot;&gt;Kamesh Akella&lt;/a&gt; will be at the Keycloak kiosk at the Project Pavilion. This is a great chance to meet people who use Keycloak, contribute to Keycloak, take our survey about new Keycloak features, and get some cool swag!&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
+&lt;p&gt;&lt;strong&gt;Keycloak Kiosk opening hours:&lt;/strong&gt;&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;ulist&quot;&gt;
 &lt;ul&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Tuesday, November 7: 10:30 - 3:30 PM CST&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Wednesday, November 8: 10:30 - 2:00 PM CST&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Thursday, November 9: 10:30 - 12:30 PM CST&lt;/p&gt;
 &lt;/li&gt;
 &lt;/ul&gt;
 &lt;/div&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_openshift_commons_gathering&quot;&gt;OpenShift Commons Gathering&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;The OpenShift Commons Gathering happens on Monday (Nov. 6th, 2023) and builds connections and collaboration across OpenShift communities, projects and stakeholders. Some maintainers from the Keycloak development team will be here during the afternoon. This gives a chance for more community Keycloak maintainers, contributors, and users to meet and share their ideas or just hang out. Access to the OpenShift Commons event is free and does not require a paid KubeCon ticket, &lt;a href=&quot;https://commons.openshift.org/gatherings/kubecon-23-nov-6/&quot;&gt;still you’ll need to register on their website in advance&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_keycloak_specific_events_at_kubecon&quot;&gt;Keycloak specific events at KubeCon&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
+&lt;p&gt;Below are some Keycloak specific events that the attendees both in-person and virtually can plan to attend.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;ulist&quot;&gt;
 &lt;ul&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Tuesday, November 7, 11:00am - 11:35am CST(UTC-6)&lt;br&gt;
+&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2mH/10-years-of-keycloak-whats-next-for-cloud-native-authentication-and-oidc-alexander-schwartz-red-hat-takashi-norimatsu-hitachi-ltd?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;10 Years of Keycloak - What&amp;#8217;s Next for Cloud-Native Authentication and OIDC?&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
+By Alexander Schwartz, Red Hat &amp;amp; Takashi Norimatsu, Hitachi, Ltd.&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Tuesday, November 7, 11:55am - 12:30pm CST(UTC-6)&lt;br&gt;
+&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2ma/challenge-to-implementing-scalable-authorization-with-keycloak-yoshiyuki-tabata-hitachi-ltd?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Challenge to Implementing &amp;#8220;Scalable&amp;#8221; Authorization with Keycloak&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
+By Yoshiyuki Tabata, Hitachi, Ltd.&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Tuesday, November 7, 2:30pm - 4:00pm CST(UTC-6)&lt;br&gt;
+&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2nt/contribfest-keycloak-accelerate-new-features-squash-bugs-and-learn-to-contribute-alexander-schwartz-michal-hajas-red-hat?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Contribfest: Keycloak - Accelerate New Features, Squash Bugs and Learn to Contribute&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
+By Alexander Schwartz &amp;amp; Michal Hajas, Red Hat&lt;/p&gt;
 &lt;/li&gt;
 &lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
+&lt;p&gt;Wednesday, November 8, 11:55am - 12:30pm CST(UTC-6)&lt;br&gt;
+&lt;a href=&quot;https://kccncna2023.sched.com/event/1R2qR/beyond-passwords-keycloaks-contributions-to-iamidentity-and-access-management-security-soojin-lee-hoon-jo-megazone?iframe=no&amp;amp;w=100%&amp;amp;sidebar=yes&amp;amp;bg=no&quot;&gt;&lt;strong&gt;Beyond Passwords: Keycloak&amp;#8217;s Contributions to IAM (Identity and Access Management) + Security&lt;/strong&gt;&lt;/a&gt;&lt;br&gt;
+By Soojin Lee &amp;amp; Hoon Jo, Megazone&lt;/p&gt;
 &lt;/li&gt;
 &lt;/ul&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
-&lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;We&amp;#8217;re preparing for KubeCon Chicago 2023 and can&amp;#8217;t wait to connect with our community. Mark your calendars and join us.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
+&lt;p&gt;See you in Chicago!&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;h2&gt;Upgrading&lt;/h2&gt;
-&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
-
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-</description>
-        <guid>https://www.keycloak.org/2023/03/keycloak-2101-released</guid>
-        <pubDate>Wed, 1 Mar 2023 00:00:00 GMT</pubDate>
-        <category>Keycloak Release</category>
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/10/keycloak-kubeconf-chicago</guid>
+        <pubDate>Tue, 10 Oct 2023 00:00:00 GMT</pubDate>
         
+        <author>Kamesh Akella</author>
       </item>
       <item>
-        <title>Keycloak 21.0.0 released</title>
-        <link>https://www.keycloak.org/2023/02/keycloak-2100-released</link>
+        <title>Keycloak 22.0.4 released</title>
+        <link>https://www.keycloak.org/2023/10/keycloak-2204-released</link>
         <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
 
     &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_supported_user_profile_and_progressive_profiling&quot;&gt;Supported user profile and progressive profiling&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The user profile preview feature is promoted to be fully supported and user profile is enabled by default.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In the past months, the Keycloak team spent a huge amount of effort in polishing the user
-profile feature to make it fully supported. In this release, we continued the effort. Lots of improvements, fixes and
-polishing were done based on the thorough testing and feedback from our awesome community.&lt;/p&gt;
-&lt;/div&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The following are a few highlights of this feature;&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;Fine-grained control over the attributes that users and administrators can manage so that you can prevent unexpected attributes and values from being set.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Ability to specify what user attributes are managed and should be displayed on the forms to regular users or administrators.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Dynamic forms - Previously, the forms where users created or updated their profiles, contain four basic attributes like username, email, first name and last name. The addition of any
-attributes (or removing some default attributes) required you to create a custom theme. Now custom themes may not be needed because users see exactly the requested attributes based on the requirement of the particular deployment.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Validations - Ability to specify validators for the user attributes including built-in validators that you can use to specify a maximum or minimum length, a specific regex, or limiting a
-particular attribute to be a URL or number.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Annotations - Ability to specify that particular attribute should be rendered for instance as a text area, an HTML select with specified options, or calendar or many other options. You can also bind JavaScript code to a specific field to change how an attribute is rendered and customize its behavior.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Progressive profiling - Ability to specify that some fields are required or available on the forms just for particular values of &lt;code&gt;scope&lt;/code&gt; parameter. This effectively allow progressive
-profiling. You no longer need to ask the user for twenty attributes during registration; you can instead ask the user to fill in attributes incrementally according to the requirements of the individual client
-applications that are used by the user.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;Migration from previous versions - The user profile is now always enabled, but it operates as before for those who did not use this feature. You can
-benefit from the user profile capabilities, but you are not required to use them. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The first release of the user profile as a supported feature is just the starting point and the baseline for delivering many more capabilities around identity management.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We would like to give huge thanks to the awesome Keycloak community as lots of ideas, requirements and contributions came from the community! Special thanks to:&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/velias&quot;&gt;Vlastimil Eliáš&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/alechenninger&quot;&gt;Alec Henninger&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/thomasdarimont&quot;&gt;Thomas Darimont&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/bs-matil&quot;&gt;Markus Till&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/antikalk&quot;&gt;Oliver&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/patrickjennings&quot;&gt;Patrick Jennings&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;a href=&quot;https://github.com/adrhine&quot;&gt;Andrew&lt;/a&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details about user profile capabilities, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#user-profile&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_breaking_changes_to_the_user_profile_spi&quot;&gt;Breaking changes to the User Profile SPI&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, changes to the User Profile SPI might impact existing implementations based on this SPI. For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_changes_to_freemarker_templates_to_render_pages_based_on_the_user_profile_and_realm&quot;&gt;Changes to Freemarker templates to render pages based on the user profile and realm&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the following templates were updated to make it possible to dynamically render attributes based
-on the user profile configuration set to a realm:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;login-update-profile.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;register.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;update-email.ftl&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/10/keycloak-2204-released</guid>
+        <pubDate>Wed, 4 Oct 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 22.0.3 released</title>
+        <link>https://www.keycloak.org/2023/09/keycloak-2203-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_new_freemarker_template_for_the_update_profile_page_at_first_login_through_a_broker&quot;&gt;New Freemarker template for the update profile page at first login through a broker&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, the server renders the update profile page when the user is authenticating through a broker for the
-first time using the &lt;code&gt;idp-review-user-profile.ftl&lt;/code&gt; template.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
+&lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_java_adapter_deprecation_and_removal&quot;&gt;Java adapter deprecation and removal&lt;/h3&gt;
+&lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/09/keycloak-2203-released</guid>
+        <pubDate>Tue, 12 Sep 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>2nd edition of the Keycloak book is out</title>
+        <link>https://www.keycloak.org/2023/09/book-2nd-edition</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;We&amp;#8217;re pleased to announce that the 2nd edition of the Keycloak book is out, and available for
+&lt;a href=&quot;https://a.co/d/58BbJ96&quot;&gt;available for purchase on Amazon&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Back in 2022 we announced the &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecation of Keycloak adapters in Keycloak 19&lt;/a&gt;.
-To give the community more time to adopt this &lt;a href=&quot;https://www.keycloak.org/2023/03/adapter-deprecation-update.html&quot;&gt;was delayed&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;This new edition has been updated to the latest release of Keycloak, making the book compatible with the newer Quarkus
+distribution of Keycloak, as well as the new administration console.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With that in mind, this will be the last major release of Keycloak to include OpenID Connect and SAML adapters.
-As Jetty 9.x has not been supported since 2022 the Jetty adapter has been removed already in this release.&lt;/p&gt;
+&lt;p&gt;If you are new to Keycloak this book brings an excellent guide to getting started with Keycloak, including how to secure
+a range of different application types with Keycloak.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The generic Authorization Client library will continue to be supported, and aims to be used in combination with any
-other OAuth 2.0 or OpenID Connect libraries.&lt;/p&gt;
+&lt;p&gt;&lt;span class=&quot;image&quot;&gt;&lt;img src=&quot;https://www.keycloak.org/resources/images/blog/book-2nd-edition.png&quot; alt=&quot;Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications 2nd Edition&quot;&gt;&lt;/span&gt;&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/09/book-2nd-edition</guid>
+        <pubDate>Mon, 11 Sep 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stian Thorgersen</author>
+      </item>
+      <item>
+        <title>Keycloak 22.0.2 released</title>
+        <link>https://www.keycloak.org/2023/09/keycloak-2202-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The only adapter we will continue to deliver is the SAML adapter for latest releases of WildFly and EAP 8.x. Reasoning
-for continuing to support this is down to the fact that the majority of the SAML codebase in Keycloak was a contribution
-from WildFly. As part of this contribution we agreed to maintain SAML adapters for WildFly and EAP in the long run.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_jetty_adapter_removed&quot;&gt;Jetty adapter removed&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Jetty 9.4 has not been supported in the community for a long time, and reached end-of-life in 2022. At the same time the
-adapter has not been updated or tested with more recent versions of Jetty. For these reasons the Jetty adapter has been
-removed from this release.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_welcome_page&quot;&gt;New Welcome Page&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The &#39;welcome&#39; page that appears at the first use of Keycloak is redesigned. It provides a better setup experience and conforms to the latest version of &lt;a href=&quot;https://www.patternfly.org/&quot;&gt;PatternFly&lt;/a&gt;. The simplified page layout includes only a form to register the first administrative user. After completing the registration, the user is sent directly to the Admin Console.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-welcome-screen.png&quot; alt=&quot;New welcome page with a simplified layout and registration form&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 1. New welcome page with a simplified layout and registration form&lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you use a custom theme, you may need to update it to support the new welcome page. For details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/09/keycloak-2202-released</guid>
+        <pubDate>Mon, 11 Sep 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Senior Software Engineer Opening on Keycloak's Core Team!</title>
+        <link>https://www.keycloak.org/2023/08/keycloak-core-hiring</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Red Hat is looking for a Senior Software Engineer who is eager to contribute to the evolving landscape of Identity and Access Management through Keycloak. In addition to improving existing functionalities, you will have the opportunity to innovate and work on new features.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;If you have a solid Java experience, a strong interest in security, thrive in a collaborative environment, and are keen to make a meaningful impact on the IAM landscape, &lt;a href=&quot;https://global-redhat.icims.com/jobs/100108/senior-software-engineer---identity-%26-access-management/job?mode=view&amp;amp;mobile=false&amp;amp;width=708&amp;amp;height=500&amp;amp;bga=true&amp;amp;needsRedirect=false&amp;amp;jan1offset=60&amp;amp;jun1offset=120&quot;&gt;we invite you to apply and become part of our team&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/08/keycloak-core-hiring</guid>
+        <pubDate>Tue, 29 Aug 2023 00:00:00 GMT</pubDate>
+        
+        <author>Bruno Oliveira</author>
+      </item>
+      <item>
+        <title>Keycloak 22.0.1 released</title>
+        <link>https://www.keycloak.org/2023/07/keycloak-2201-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_new_account_console_now_the_default&quot;&gt;New Account Console now the default&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;We introduced version 3 of the Account Console in Keycloak 22 as a preview feature. In this release, we are making it the default version, and deprecating version 2 in the process, which will be removed in a subsequent release.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This new version has built-in support for the user profile feature, which allows administrators to configure which attributes are available to users in the Account Console, and lands a user directly on their personal account page after logging in.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;imageblock&quot;&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;img src=&quot;images/new-account-console.png&quot; alt=&quot;New Account Console with custom attributes&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;title&quot;&gt;Figure 2. New Account Console with custom attributes&lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;If you are using or extending the customization features of this theme,  you may need to perform additional migrations. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/07/keycloak-2201-released</guid>
+        <pubDate>Tue, 18 Jul 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 22.0.0 released</title>
+        <link>https://www.keycloak.org/2023/07/keycloak-2200-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_js&quot;&gt;Keycloak JS&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_using_exports_field_in_package_json&quot;&gt;Using &lt;code&gt;exports&lt;/code&gt; field in &lt;code&gt;package.json&lt;/code&gt;&lt;/h4&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now uses the &lt;a href=&quot;https://webpack.js.org/guides/package-exports/&quot;&gt;&lt;code&gt;exports&lt;/code&gt; field&lt;/a&gt; in its &lt;code&gt;package.json&lt;/code&gt;. This change improves support for more modern bundlers like Webpack 5 and Vite, but comes with some unavoidable breaking changes. See the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt; for more details.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_pkce_enabled_by_default&quot;&gt;PKCE enabled by default&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak JS adapter now sets the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;S256&lt;/code&gt; by default. This change enables Proof Key Code Exchange (&lt;a href=&quot;https://datatracker.ietf.org/doc/html/rfc7636&quot;&gt;PKCE&lt;/a&gt;) for all applications using the adapter. If you use the adapter on a system that does not support PKCE, you can set the &lt;code&gt;pkceMethod&lt;/code&gt; option to &lt;code&gt;false&lt;/code&gt; to disable it.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_password_hashing&quot;&gt;Changes to Password Hashing&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we adapted the password hashing defaults to match the &lt;a href=&quot;https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2&quot;&gt;OWASP recommendations for Password Storage&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As part of this change, the default password hashing provider has changed from &lt;code&gt;pbkdf2-sha256&lt;/code&gt; to &lt;code&gt;pbkdf2-sha512&lt;/code&gt;.
-Also, the number of default hash iterations for &lt;code&gt;pbkdf2&lt;/code&gt; based password hashing algorithms changed. This change means better security aligned with latest recommendations, but
-it has impact on performance. It is possible to stick to the old behaviour by adding password policies &lt;code&gt;hashAlgorithm&lt;/code&gt; and &lt;code&gt;hashIterations&lt;/code&gt; to your realm. For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_oauthoidc_related_improvements&quot;&gt;OAuth/OIDC related improvements&lt;/h3&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_lightweight_access_tokens_support&quot;&gt;Lightweight access tokens support&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains support for Lightweight access tokens. As a result, you can have smaller access tokens for specified clients. These tokens have only a few
-claims, which is why they are smaller. Note that lightweight access token is still JWT signed by the realm key by default and still contains some very basic claims.&lt;/p&gt;
+&lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/07/keycloak-2200-released</guid>
+        <pubDate>Tue, 11 Jul 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Authorization Survey</title>
+        <link>https://www.keycloak.org/2023/07/authorization-survey</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Services dedicated to authorization are evolving rapidly. There is a steady establishment of policy languages, purpose-built for authorization, as well as a growing number of implementations of Google&amp;#8217;s &quot;Zanzibar&quot; whitepaper, their &lt;a href=&quot;https://research.google/pubs/pub48190/&quot;&gt;global, consistent authorization system&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release introduces an &lt;strong&gt;Add to lightweight access token&lt;/strong&gt; flag that is available on some OIDC protocol mappers. Use this flag to specify if a particular claim should be added to a lightweight
-access token. It is &lt;strong&gt;OFF&lt;/strong&gt; by default, which means that most claims are not added.&lt;/p&gt;
+&lt;p&gt;To better understand how we should evolve Keycloak Authorization Services in this context, we&amp;#8217;d appreciate the opportunity to learn more about the Keycloak communities&#39; authorization use cases and experience, regardless of whether you&amp;#8217;ve used Keycloak Authorization Services before or if you use a different service for access management.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Also, a client policy executor exists. Use it to specify if a particular client request
-should use lightweight access tokens or regular access tokens. An alternative to the executor is to use an &lt;strong&gt;Always use lightweight access token&lt;/strong&gt; flag on client advanced
-settings, which causes that client to always use lightweight access tokens. An executor can be an alternative if you need
-more flexibility. For instance, you may choose to use lightweight access tokens by default but use regular tokens only for the specified &lt;strong&gt;scope&lt;/strong&gt; parameter.&lt;/p&gt;
+&lt;p&gt;Please consider filling out &lt;a href=&quot;https://forms.gle/MkaSXQ9NuaR24qZt9&quot;&gt;this brief, anonymous survey&lt;/a&gt; to help shape Keycloak&amp;#8217;s future authorization experience.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/07/authorization-survey</guid>
+        <pubDate>Thu, 6 Jul 2023 00:00:00 GMT</pubDate>
+        
+        <author>Alec Henninger</author>
+      </item>
+      <item>
+        <title>Survey - Cross-Site Replication in Keycloak</title>
+        <link>https://www.keycloak.org/2023/06/crossdc-survey</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;The Keycloak and Infinispan engineering teams are working together to bring Cross-Site Replication (CSR) to a fully
+supported state in future Keycloak releases, with Active/Passive support and Active/Active support.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A previous release added an &lt;strong&gt;Add to token introspection&lt;/strong&gt; switch. You use it to add
-claims that are not present in the access token into the introspection endpoint response.&lt;/p&gt;
+&lt;p&gt;We would like to gather inputs on your expectations, requirements, use-cases and sizing of the target deployment
+environments for the CSR feature. Thanks in advance for filling out this survey form to help us better plan and deliver
+this feature.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Thanks to &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution and Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for a help and review of this feature.&lt;/p&gt;
+&lt;p&gt;If your are interested in Active/Passive or Active/Active deployments of Keycloak please fill in
+&lt;a href=&quot;https://forms.gle/B5TogcX7WvgdeNKD6&quot;&gt;the survey&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/06/crossdc-survey</guid>
+        <pubDate>Fri, 30 Jun 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stian Thorgersen</author>
+      </item>
+      <item>
+        <title>Keycloak 21.1.2 released</title>
+        <link>https://www.keycloak.org/2023/06/keycloak-2112-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_2_1_support&quot;&gt;OAuth 2.1 support&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This release contains optional OAuth 2.1 support. New client policy profiles were introduced in this release, which administrators can use to make sure that clients and particular client requests comply with the OAuth 2.1 specification. A dedicated client profile exists for confidential clients and a dedicated profile for public clients.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/skabano&quot;&gt;Shigeyuki Kabano&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_scope_parameter_supported_in_the_refresh_token_flow&quot;&gt;Scope parameter supported in the refresh token flow&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the &lt;strong&gt;scope&lt;/strong&gt; parameter in the OAuth2/OIDC endpoint for token refresh is supported. Use this parameter to request access tokens with a smaller amount
-of scopes than originally granted, which means you cannot increase access token scope. This scope limitation does not affect the scope of the refreshed refresh token. This function works as
-described in the OAuth2 specification.
-Thanks to &lt;a href=&quot;https://github.com/cgeorgilakis&quot;&gt;Konstantinos Georgilakis&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/06/keycloak-2112-released</guid>
+        <pubDate>Wed, 28 Jun 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>New Keycloak maintainer: Alexander Schwartz</title>
+        <link>https://www.keycloak.org/2023/06/alexander-schwartz</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;We&amp;#8217;re delighted to announce &lt;a href=&quot;https://github.com/ahus1&quot;&gt;Alexander Schwartz&lt;/a&gt; as an official maintainer of Keycloak.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_secure_redirect_uris&quot;&gt;Client policy executor for secure redirect URIs&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;secure-redirect-uris-enforcer&lt;/code&gt; is introduced. Use it to restrict which redirect URIs can be used by the clients. For instance,
-you can specify that client redirect URIs cannot have wildcards, should be just from specific domain, must be OAuth 2.1 compliant, and so on.
-Thanks to &lt;a href=&quot;https://github.com/lexcao&quot;&gt;Lex Cao&lt;/a&gt; and &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;Alexander started contributing to Keycloak in 2015. He applied it in several customer installations and is maintaining the Dropwizard module for Keycloak. In January 2022, he joined Red Hat. Since then, he has contributed to Keycloak’s store and documentation and is the key contributor to the Keycloak benchmark project. He helped with Keycloak’s submission to CNCF, and represented Keycloak at KubeCon Amsterdam in April 2023. &lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;He has shown his commitment to the Keycloak community by collaborating on design discussions, participating in GitHub discussions, reviewing pull-requests, answering questions on the Keycloak mailing lists, contributing to new features, bug fixes and triaging GitHub issues.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_client_policy_executor_for_enforcing_dpop&quot;&gt;Client policy executor for enforcing DPoP&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new client policy executor &lt;code&gt;dpop-bind-enforcer&lt;/code&gt; is introduced. You can use it to enforce DPoP for a particular client if &lt;code&gt;dpop&lt;/code&gt; preview
- is enabled.
-Thanks to &lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;The Keycloak team is very excited to welcome Alexander as our new maintainer and long-time contributor.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/06/alexander-schwartz</guid>
+        <pubDate>Tue, 27 Jun 2023 00:00:00 GMT</pubDate>
+        
+        <author>Bruno Oliveira</author>
+      </item>
+      <item>
+        <title>Sunsetting Discourse</title>
+        <link>https://www.keycloak.org/2023/06/sunsetting-discourse</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Our community has grown and evolved significantly over time. This growth has
+been exciting to be a part of, but it has also presented new challenges. One of
+these challenges has been managing the multiple communication channels we
+have in place to engage with our community.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;Today, we have various channels available: Google Groups, GitHub Discussions,
+Slack, and Discourse. Each of these platforms has its strengths in fostering the
+open dialogue and collaboration. However, we have been unable to provide the
+level of attention and interaction we believe our community deserves.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_supporting_eddsa&quot;&gt;Supporting EdDSA&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can create EdDSA realm keys and use them as signature algorithms for various clients. For instance, you can use these keys to sign tokens or for client authentication with signed JWT.
-This feature includes identity brokering where Keycloak itself signs client assertions that are used for &lt;code&gt;private_key_jwt&lt;/code&gt; authentication to third party identity providers.
-Thanks to
-&lt;a href=&quot;https://github.com/tnorimat&quot;&gt;Takashi Norimatsu&lt;/a&gt; and &lt;a href=&quot;https://github.com/MuhammadZakwan&quot;&gt;Muhammad Zakwan Bin Mohd Zahid&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;With this in mind, we have decided that as of June 26, 2023, we will sunset
+Discourse as one of our communication channels. We understand the value
+that Discourse has brought to our community, but we believe that focusing our
+efforts on fewer communication channels will allow us to foster more
+meaningful conversations.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;What does this mean for Discourse users?&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_ec_keys_supported_by_javakeystore_provider&quot;&gt;EC Keys supported by JavaKeystore provider&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The provider &lt;code&gt;JavaKeystoreProvider&lt;/code&gt; for providing realm keys now supports EC keys in addition to previously supported RSA keys.
-Thanks to &lt;a href=&quot;https://github.com/wistefan&quot;&gt;Stefan Wiedemann&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;From June 26, 2023, users will no longer be able to create new posts on
+Discourse, but they can still access all the content and discussions that have
+been shared there. All the existing threads will be preserved as an archive,
+ensuring that the knowledge accumulated over the years is not lost.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;For those who have been actively using Discourse, we understand that this
+transition might be challenging. We encourage users to join our conversations
+on &lt;a href=&quot;https://www.keycloak.org/community&quot;&gt;Google Groups, GitHub Discussions, and Slack&lt;/a&gt;.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/06/sunsetting-discourse</guid>
+        <pubDate>Wed, 21 Jun 2023 00:00:00 GMT</pubDate>
+        
+        <author>Bruno Oliveira</author>
+      </item>
+      <item>
+        <title>Keyconf 23</title>
+        <link>https://www.keycloak.org/2023/05/keyconf-23</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;We would like to invite you to the Keycloak conference Keyconf 23!&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_option_to_add_x509_thumbprint_to_jwt_when_using_private_key_jwt_authentication_for_identity_providers&quot;&gt;Option to add X509 thumbprint to JWT when using private_key_jwt authentication for identity providers&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;OIDC identity providers now have the &lt;strong&gt;Add X.509 Headers to the JWT&lt;/strong&gt; option for the situation when client authentication with JWT signed by private key is used. This option can be useful
-for interoperability with some identity providers such as Azure AD, which require the thumbprint to be present on the JWT.
-Thanks to &lt;a href=&quot;https://github.com/MikeTangoEcho&quot;&gt;MT&lt;/a&gt; for the contribution.&lt;/p&gt;
+&lt;p&gt;The event will take place on June 16 in London. The details about this event together with the links for free registration are
+&lt;a href=&quot;https://www.eventbrite.co.uk/e/keyconf-23-tickets-621079815447&quot;&gt;here&lt;/a&gt;!&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;The Keyconf conference takes place the day after the &lt;a href=&quot;https://whitehallmedia.co.uk/idmjun2023/&quot;&gt;IDM Identity Management&lt;/a&gt; conference. If you are interested in security in general, this is a good opportunity to join the both conferences.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/05/keyconf-23</guid>
+        <pubDate>Thu, 4 May 2023 00:00:00 GMT</pubDate>
+        
+        <author>Marek Posolda</author>
+      </item>
+      <item>
+        <title>New Keycloak maintainer: Sebastian Schuster</title>
+        <link>https://www.keycloak.org/2023/05/maintainer-sschu</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;We are pleased to welcome &lt;a href=&quot;https://github.com/sschu&quot;&gt;Sebastian Schuster&lt;/a&gt; as an official maintainer of Keycloak.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_oauth_grant_type_spi&quot;&gt;OAuth Grant Type SPI&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak codebase includes an internal update  to introduce the OAuth Grant Type SPI. This update allows additional flexibility when introducing custom grant types
-supported by the Keycloak OAuth 2 token endpoint.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;Sebastian has contributed to Keycloak since 2019, when he convinced his company Bosch to use Keycloak for identity and
+access management. He has been active in the community providing help, taking part in discussions and contributing.
+Behind him, there is a whole team at Bosch providing more than 60 contributions over the last years in various areas.
+The declarative user profile was the most prominent feature contributed.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_cors_improvements&quot;&gt;CORS improvements&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The CORS related Keycloak functionality was extracted into the SPI, which can allow additional flexibility. Note that &lt;code&gt;CorsSPI&lt;/code&gt; is internal and may change at a future release.
-Thanks to &lt;a href=&quot;https://github.com/dteleguin&quot;&gt;Dmitry Telegin&lt;/a&gt; for the contribution.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;His company allows him to dedicate a considerable amount of time for Keycloak to help review contributions and reports
+and get involved in discussions. Since Sebastian has got experience operating Keycloak on a wide scale over several
+years, he will focus on topics around cloud-native and Keycloak operations like observability.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_truststore_improvements&quot;&gt;Truststore improvements&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Keycloak introduces improved truststores configuration options. The Keycloak truststore is now used across the server, including outgoing connections, mTLS, and database drivers. You no longer need to configure separate truststores for individual areas. To configure the truststore, you can put your truststores files or certificates in the default &lt;code&gt;conf/truststores&lt;/code&gt;, or use the new &lt;code&gt;truststore-paths&lt;/code&gt; config option. For details refer to the relevant &lt;a href=&quot;https://www.keycloak.org/server/keycloak-truststore&quot;&gt;guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
-&lt;/div&gt;
+&lt;p&gt;Not only will Sebastian on his own bring a lot of value to Keycloak, but he will also serve as an integration point for
+Bosch to enable more contributions from his team, allowing them to contribute more value to Keycloak in the future.&lt;/p&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/05/maintainer-sschu</guid>
+        <pubDate>Tue, 2 May 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stian Thorgersen</author>
+      </item>
+      <item>
+        <title>Keycloak 21.1.1 released</title>
+        <link>https://www.keycloak.org/2023/04/keycloak-2111-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_versioned_features&quot;&gt;Versioned Features&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Features now support versioning. To preserve backward compatibility, all existing features (including &lt;code&gt;account2&lt;/code&gt; and &lt;code&gt;account3&lt;/code&gt;) are marked as version 1. Newly introduced features will use versioning, which means that users can select between different implementations of desired features.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For details refer to the &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;features guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_keycloak_cr_truststores&quot;&gt;Keycloak CR Truststores&lt;/h4&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You may also take advantage of the new server-side handling of truststores by using the Keycloak CR, for example:&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;spec:
-  truststores:
-    mystore:
-      secret:
-        name: mystore-secret
-    myotherstore:
-      secret:
-        name: myotherstore-secret&lt;/code&gt;&lt;/pre&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Currently only Secrets are supported.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect3&quot;&gt;
-&lt;h4 id=&quot;_trust_kubernetes_ca&quot;&gt;Trust Kubernetes CA&lt;/h4&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The cert for the Kubernetes CA is added automatically to your Keycloak Pods managed by the Operator.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/04/keycloak-2111-released</guid>
+        <pubDate>Wed, 26 Apr 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 21.1.0 released</title>
+        <link>https://www.keycloak.org/2023/04/keycloak-2110-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_automatic_certificate_management_for_saml_identity_providers&quot;&gt;Automatic certificate management for SAML identity providers&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The SAML identity providers can now be configured to automatically download the signing certificates from the IDP entity metadata descriptor endpoint. In order to use the new feature, configure the &lt;code&gt;Metadata descriptor URL&lt;/code&gt; option in the provider (the URL where the IDP metadata information with the certificates is published) and set &lt;code&gt;Use metadata descriptor URL&lt;/code&gt; to &lt;code&gt;ON&lt;/code&gt;. The certificates are automatically downloaded and cached in the &lt;code&gt;public-key-storage&lt;/code&gt; SPI from that URL. The certificates can also be reloaded or imported from the Admin Console, using the action combo in the provider page.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;See the &lt;a href=&quot;https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers&quot;&gt;documentation&lt;/a&gt; for more details about the new options.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
-&lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_non_blocking_health_check_for_load_balancers&quot;&gt;Non-blocking health check for load balancers&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;A new health check endpoint available at &lt;code&gt;/lb-check&lt;/code&gt; was added.
-The execution is running in the event loop, which means this check is responsive also in overloaded situations when Keycloak needs to handle many requests waiting in request queue.
-This behavior is useful, for example, in multi-site deployment to avoid failing over to another site that is under heavy load.
-The endpoint is currently checking availability of the embedded and external Infinispan caches. Other checks may be added later.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This endpoint is not available by default.
-To enable it, run Keyloak with the &lt;code&gt;multi-site&lt;/code&gt; feature.
-For more details, see &lt;a href=&quot;https://www.keycloak.org/server/features&quot;&gt;Enabling and disabling features&lt;/a&gt;.&lt;/p&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_optimized_field&quot;&gt;Keycloak CR Optimized Field&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now includes an &lt;code&gt;startOptimized&lt;/code&gt; field, which may be used to override the default assumption about whether to use the &lt;code&gt;--optimized&lt;/code&gt; flag for the start command.
-As a result, you can use the CR to configure build time options also when a custom Keycloak image is used.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_enhanced_reverse_proxy_settings&quot;&gt;Enhanced reverse proxy settings&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;It is now possible to separately enable parsing of either &lt;code&gt;Forwarded&lt;/code&gt; or &lt;code&gt;X-Forwarded-*&lt;/code&gt; headers by using the new &lt;code&gt;--proxy-headers&lt;/code&gt; option.
-For details, see the &lt;a href=&quot;https://www.keycloak.org/server/reverseproxy&quot;&gt;Reverse Proxy Guide&lt;/a&gt;.
-The original &lt;code&gt;--proxy&lt;/code&gt; option is now deprecated and will be removed in a future release. For migration instructions, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/04/keycloak-2110-released</guid>
+        <pubDate>Thu, 20 Apr 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 21.0.2 released</title>
+        <link>https://www.keycloak.org/2023/03/keycloak-2102-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_user_representation_in_both_admin_api_and_account_contexts&quot;&gt;Changes to the user representation in both Admin API and Account contexts&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, we are encapsulating the root user attributes (such as &lt;code&gt;username&lt;/code&gt;, &lt;code&gt;email&lt;/code&gt;, &lt;code&gt;firstName&lt;/code&gt;, &lt;code&gt;lastName&lt;/code&gt;, and &lt;code&gt;locale&lt;/code&gt;) by moving them to a base/abstract class in order to align how these attributes
-are marshalled and unmarshalled when using both Admin and Account REST APIs.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;This strategy provides consistency in how attributes are managed by clients and makes sure they conform to the user profile
-configuration set to a realm.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_sequential_loading_of_offline_sessions_and_remote_sessions&quot;&gt;Sequential loading of offline sessions and remote sessions&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Starting with this release, the first member of a Keycloak cluster will load remote sessions sequentially instead of in parallel.
-If offline session preloading is enabled, those will be loaded sequentially as well.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the &lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_performing_actions_on_behalf_of_another_already_authenticated_user_is_not_longer_possible&quot;&gt;Performing actions on behalf of another already authenticated user is not longer possible&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, you can no longer perform actions such as email verification if the user is already authenticated
-and the action is bound to another user. For instance, a user can not complete the verification email flow if the email link
-is bound to a different account.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_changes_to_the_email_verification_flow&quot;&gt;Changes to the email verification flow&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In this release, if a user tries to follow the link to verify the email and the email was previously verified, a proper message
-will be shown.&lt;/p&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/03/keycloak-2102-released</guid>
+        <pubDate>Thu, 30 Mar 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Update on deprecation of Keycloak adapters</title>
+        <link>https://www.keycloak.org/2023/03/adapter-deprecation-update</link>
+        <description>&lt;div class=&quot;paragraph&quot;&gt;
+&lt;p&gt;In 2022 we announced the deprecation of &lt;a href=&quot;https://www.keycloak.org/2022/02/adapter-deprecation.html&quot;&gt;deprecating Keycloak adapters&lt;/a&gt;, with
+a plan to stop delivering most adapters in &lt;a href=&quot;https://www.keycloak.org/2022/03/releases.html&quot;&gt;Keycloak 19&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In addition to that, a new error (&lt;code&gt;EMAIL_ALREADY_VERIFIED&lt;/code&gt;) event will be fired to indicate an attempt to verify an already verified email. You can
-use this event to track possible attempts to hijack user accounts in case the link has leaked or to alert users if they do not recognize the action.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;As we have not been able to make sufficient progress on finding alternatives and work on supporting material to help
+migrating away from Keycloak adapters we are extending the life of the Keycloak adapters.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_deprecated_offline_session_preloading&quot;&gt;Deprecated offline session preloading&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The default behavior of Keycloak is to load offline sessions on demand.
-The old behavior to preload them at startup is now deprecated, as pre-loading them at startup does not scale well with a growing number of sessions, and increases Keycloak memory usage. The old behavior will be removed in a future release.&lt;/p&gt;
+&lt;p&gt;The plan is still to eventually stop delivering bespoke Keycloak adapters in the future, but we will do this in a more gradual process than previous laid out.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;We still strongly belive that the community as a whole are better served in the long run by us focusing more on the Keycloak server with full compliance and support for specifications such as OAuth 2.0 and OpenID Connect, and adding support for additional relevant extensions to the specifications.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_configuration_option_for_offline_session_lifespan_override_in_memory&quot;&gt;Configuration option for offline session lifespan override in memory&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;To reduce memory requirements, we introduced a configuration option to shorten lifespan for offline sessions imported into the Infinispan caches. Currently, the offline session lifespan override is disabled by default.&lt;/p&gt;
+&lt;p&gt;We also believe by leaving the integration for various programming languages and frameworks to the relevant communities, the end result will be more extensive support, with more features and abilities, and last but not least better integrations and easy of use.&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_oauth_2_0_and_openid_connect_adapters&quot;&gt;OAuth 2.0 and OpenID Connect adapters&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
+&lt;div class=&quot;sect2&quot;&gt;
+&lt;h3 id=&quot;_java&quot;&gt;Java&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/server_admin/#_offline-access&quot;&gt;Server Administration Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;For Java applications there is now more than ever wide-spread support for OpenID Connect, where some examples include:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;ulist&quot;&gt;
+&lt;ul&gt;
+&lt;li&gt;
+&lt;p&gt;&lt;a href=&quot;https://jakarta.ee/specifications/security/3.0/jakarta-security-spec-3.0.html#openid-connect-annotation&quot;&gt;Jakarta Security 3.0&lt;/a&gt; - OpenID Connect support in Jakarta EE 10&lt;/p&gt;
+&lt;/li&gt;
+&lt;li&gt;
+&lt;p&gt;&lt;a href=&quot;https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/&quot;&gt;Elytron OIDC&lt;/a&gt; - OpenID Connect support in WildFly&lt;/p&gt;
+&lt;/li&gt;
+&lt;li&gt;
+&lt;p&gt;&lt;a href=&quot;https://quarkus.io/guides/security-openid-connect&quot;&gt;Quarkus OIDC&lt;/a&gt; - OpenID Connect support for Quarkus applications&lt;/p&gt;
+&lt;/li&gt;
+&lt;li&gt;
+&lt;p&gt;&lt;a href=&quot;https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html&quot;&gt;Spring Security&lt;/a&gt; - OAuth and OpenID Connect support in Spring&lt;/p&gt;
+&lt;/li&gt;
+&lt;li&gt;
+&lt;p&gt;&lt;a href=&quot;https://www.pac4j.org/&quot;&gt;Pac4j&lt;/a&gt; - The Java security framework to protect all your web applications and web services&lt;/p&gt;
+&lt;/li&gt;
+&lt;/ul&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_infinispan_metrics_use_labels_for_cache_manager_and_cache_names&quot;&gt;Infinispan metrics use labels for cache manager and cache names&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When enabling metrics for Keycloak&amp;#8217;s embedded caches, the metrics now use labels for the cache manager and the cache names.&lt;/p&gt;
+&lt;p&gt;Neither of these have support for Keycloak Authorization Services though, which is why we are planning to introduce a
+generic Java client libraries for Authorization Services that can be leveraged with other OpenID Connect client libraries.
+Expect this to be delivered in Keycloak 22.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;The Keycloak Java adapters will remain for a while though, at least towards the end of the year, but likely not be removed
+until early 2024. At the same time don&amp;#8217;t expect the adapters to be updated in terms of adding new features, enhancements, or supporting newer versions of
+Tomcat, Jetty, WildFly, or Spring.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_user_attribute_value_length_extension&quot;&gt;User attribute value length extension&lt;/h3&gt;
+&lt;h3 id=&quot;_node_js&quot;&gt;Node.js&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;As of this release, Keycloak supports storing and searching by user attribute values longer than 255 characters, which was previously a limitation.&lt;/p&gt;
+&lt;p&gt;We are still investigating alternatives for Node.js, so plan is available for those one just yet. Expect more information
+to come later in the year. Regardless of the alternative we will deliver support for Keycloak Authorization Services to
+Node.js.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;The Keycloak Node.js adapter will remain, at least towards the end of the year, but likely not be removed until early 2024.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_brute_force_protection_changes&quot;&gt;Brute Force Protection changes&lt;/h3&gt;
+&lt;h3 id=&quot;_client_side_javascript&quot;&gt;Client-side JavaScript&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There have been a couple of enhancements to the Brute Protection:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;olist arabic&quot;&gt;
-&lt;ol class=&quot;arabic&quot;&gt;
-&lt;li&gt;
-&lt;p&gt;When an attempt to authenticate with an OTP or Recovery Code fails due to Brute Force Protection the active Authentication Session is invalidated. Any further attempts to authenticate with that session will fail.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;In previous versions of Keycloak, the administrator had to choose between disabling users temporarily or permanently due to a Brute Force attack on their accounts. The administrator can now permanently disable a user after a given number of temporary lockouts.&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;The property &lt;code&gt;failedLoginNotBefore&lt;/code&gt; has been added to the &lt;code&gt;brute-force/users/{userId}&lt;/code&gt; endpoint&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ol&gt;
+&lt;p&gt;For now the Keycloak client-side JavaScript adapter remains, but we are looking into alternatives as well as the potential
+of completely overhauling our current adapter and continue maintaining and delivering this adapter.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_authorization_policy&quot;&gt;Authorization Policy&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;In previous versions of Keycloak, when the last member of a User, Group or Client policy was deleted then that policy would also be deleted. Unfortunately this could lead to an escalation of privileges if the policy was used in an aggregate policy. To avoid privilege escalation the effect policies are no longer deleted and an administrator will need to update those policies.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_cache_config_file_option&quot;&gt;Keycloak CR cache-config-file option&lt;/h3&gt;
+&lt;div class=&quot;sect1&quot;&gt;
+&lt;h2 id=&quot;_saml_2_0&quot;&gt;SAML 2.0&lt;/h2&gt;
+&lt;div class=&quot;sectionbody&quot;&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;cache-config-file&lt;/code&gt; option by using the &lt;code&gt;cache&lt;/code&gt; spec &lt;code&gt;configMapFile&lt;/code&gt; field, for example:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;listingblock&quot;&gt;
-&lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  cache:
-    configMapFile:
-      name: my-configmap
-      key: config.xml&lt;/code&gt;&lt;/pre&gt;
-&lt;/div&gt;
+&lt;p&gt;We are planning to continue supporting SAML 2.0 for WildFly and JBoss EAP in the long run, but support for Tomcat and
+Jetty are likely to be removed relatively soon.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;/div&gt;</description>
+        <guid>https://www.keycloak.org/2023/03/adapter-deprecation-update</guid>
+        <pubDate>Wed, 29 Mar 2023 00:00:00 GMT</pubDate>
+        
+        <author>Stian Thorgersen</author>
+      </item>
+      <item>
+        <title>Keycloak 21.0.1 released</title>
+        <link>https://www.keycloak.org/2023/03/keycloak-2101-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_keycloak_cr_resources_options&quot;&gt;Keycloak CR resources options&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;The Keycloak CR now allows for specifying the &lt;code&gt;resources&lt;/code&gt; options for managing compute resources for the Keycloak container.
-It provides the ability to request and limit resources independently for the main Keycloak deployment via the Keycloak CR, and for the realm import Job via the Realm Import CR.&lt;/p&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;When no values are specified, the default &lt;code&gt;requests&lt;/code&gt; memory is set to &lt;code&gt;1700MiB&lt;/code&gt;, and the &lt;code&gt;limits&lt;/code&gt; memory is set to &lt;code&gt;2GiB&lt;/code&gt;.&lt;/p&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;You can specify your custom values based on your requirements as follows:&lt;/p&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;listingblock&quot;&gt;
 &lt;div class=&quot;content&quot;&gt;
-&lt;pre class=&quot;highlight&quot;&gt;&lt;code class=&quot;language-yaml&quot; data-lang=&quot;yaml&quot;&gt;apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: example-kc
-spec:
-  ...
-  resources:
-    requests:
-      cpu: 1200m
-      memory: 896Mi
-    limits:
-      cpu: 6
-      memory: 3Gi&lt;/code&gt;&lt;/pre&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/operator/advanced-configuration&quot;&gt;Operator Advanced configuration&lt;/a&gt;.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_temporary_lockout_log_replaced_with_event&quot;&gt;Temporary lockout log replaced with event&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;There is now a new event &lt;code&gt;USER_DISABLED_BY_TEMPORARY_LOCKOUT&lt;/code&gt; when a user is temporarily locked out by the brute force protector.
-The log with ID &lt;code&gt;KC-SERVICES0053&lt;/code&gt; has been removed as the new event offers the information in a structured form.&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/docs/24.0.0/upgrading/&quot;&gt;Upgrading Guide&lt;/a&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
+&lt;h2&gt;Upgrading&lt;/h2&gt;
+&lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
+
+</description>
+        <guid>https://www.keycloak.org/2023/03/keycloak-2101-released</guid>
+        <pubDate>Wed, 1 Mar 2023 00:00:00 GMT</pubDate>
+        <category>Keycloak Release</category>
+        
+      </item>
+      <item>
+        <title>Keycloak 21.0.0 released</title>
+        <link>https://www.keycloak.org/2023/02/keycloak-2100-released</link>
+        <description>&lt;p&gt;To download the release go to &lt;a href=&quot;https://www.keycloak.org/downloads.html&quot;&gt;Keycloak downloads&lt;/a&gt;.&lt;/p&gt;
+
+    &lt;h2&gt;Release notes&lt;/h2&gt;
 &lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_updates_to_cookies&quot;&gt;Updates to cookies&lt;/h3&gt;
+&lt;h3 id=&quot;_operator_deploys_nightly_build_instead_of_24_0_0&quot;&gt;Operator deploys nightly build instead of 24.0.0&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Cookie handling code has been refactored and improved, including a new Cookie Provider. This provides better consistency
-for cookies handled by Keycloak, and the ability to introduce configuration options around cookies if needed.&lt;/p&gt;
-&lt;/div&gt;
+&lt;p&gt;Due to an issue in the release process when deploying Keycloak using the Operator it installed the &lt;code&gt;nightly&lt;/code&gt; container
+instead of &lt;code&gt;24.0.0&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_saml_user_attribute_mapper_for_nameid_now_suggests_only_valid_nameid_formats&quot;&gt;SAML User Attribute Mapper For NameID now suggests only valid NameID formats&lt;/h3&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;User Attribute Mapper For NameID allowed setting &lt;code&gt;Name ID Format&lt;/code&gt; option to the following values:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:entity&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;p&gt;As a quick fix to the issue, the &lt;code&gt;24.0.0&lt;/code&gt; container was tagged with &lt;code&gt;nightly&lt;/code&gt;, and the &lt;code&gt;nightly&lt;/code&gt; releases was temporarily
+disabled.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;However, Keycloak does not support receiving &lt;code&gt;AuthnRequest&lt;/code&gt; document with one of these &lt;code&gt;NameIDPolicy&lt;/code&gt;, therefore these
-mappers would never be used. The supported options were updated to only include the following Name ID Formats:&lt;/p&gt;
-&lt;/div&gt;
-&lt;div class=&quot;ulist&quot;&gt;
-&lt;ul&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:persistent&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;li&gt;
-&lt;p&gt;&lt;code&gt;urn:oasis:names:tc:SAML:2.0:nameid-format:transient&lt;/code&gt;&lt;/p&gt;
-&lt;/li&gt;
-&lt;/ul&gt;
+&lt;p&gt;If you installed or upgraded to &lt;code&gt;24.0.0&lt;/code&gt; using the Operator before 5pm CET yesterday the database may have been updated
+with the wrong versions. To check if you are affected connect to your database and run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;SELECT * from migration_model WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_different_jvm_memory_settings_when_running_in_container&quot;&gt;Different JVM memory settings when running in container&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container.
-The JVM options &lt;code&gt;-Xms&lt;/code&gt;, and &lt;code&gt;-Xmx&lt;/code&gt; were replaced by &lt;code&gt;-XX:InitialRAMPercentage&lt;/code&gt;, and &lt;code&gt;-XX:MaxRAMPercentage&lt;/code&gt;.&lt;/p&gt;
 &lt;/div&gt;
 &lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;For more details, see the
-&lt;a href=&quot;https://www.keycloak.org/server/containers&quot;&gt;Running Keycloak in a container&lt;/a&gt; guide.&lt;/p&gt;
+&lt;p&gt;If the above returns a matching row you will need to take some actions, otherwise database migrations will not run for
+future releases. To resolve this run the following SQL command:&lt;/p&gt;
 &lt;/div&gt;
+&lt;div class=&quot;listingblock&quot;&gt;
+&lt;div class=&quot;content&quot;&gt;
+&lt;pre class=&quot;highlight&quot;&gt;&lt;code&gt;UPDATE migration_model SET version = &#39;24.0.0&#39; WHERE version = &#39;999.0.0&#39;;&lt;/code&gt;&lt;/pre&gt;
 &lt;/div&gt;
-&lt;div class=&quot;sect2&quot;&gt;
-&lt;h3 id=&quot;_gelf_log_handler_has_been_deprecated&quot;&gt;GELF log handler has been deprecated&lt;/h3&gt;
-&lt;div class=&quot;paragraph&quot;&gt;
-&lt;p&gt;With sunsetting of the &lt;a href=&quot;https://github.com/mp911de/logstash-gelf&quot;&gt;underlying library&lt;/a&gt; providing integration
-with GELF, Keycloak will no longer support the GELF log handler out-of-the-box. This feature will be removed in a future
-release. If you require an external log management, consider using file log parsing.&lt;/p&gt;
 &lt;/div&gt;
 &lt;/div&gt;
 &lt;h2&gt;Upgrading&lt;/h2&gt;
 &lt;p&gt;Before upgrading refer to &lt;a href=&quot;https://www.keycloak.org/docs/latest/upgrading/index.html#migration-changes&quot;&gt;the migration guide&lt;/a&gt; for a complete list of changes.&lt;/p&gt;
 
-&lt;h2&gt;All resolved issues&lt;/h2&gt;
-
-
-&lt;h3&gt;New features&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15190&quot;&gt;#15190&lt;/a&gt; RestAPI endpoint &quot;send-verify-email&quot; sending execute actions email template. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19586&quot;&gt;#19586&lt;/a&gt; @keycloak/keycloak-admin-client doesn&#39;t provide an ability to use optional client scope for access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23539&quot;&gt;#23539&lt;/a&gt; User profile attributes should only accept a single value unless configured otherwise &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25167&quot;&gt;#25167&lt;/a&gt; Implement POST logout in Keycloak JS &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25446&quot;&gt;#25446&lt;/a&gt; CORS SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25676&quot;&gt;#25676&lt;/a&gt; Introduce new CLI config options for Infinispan remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25702&quot;&gt;#25702&lt;/a&gt; Encrypt network communication in JGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25733&quot;&gt;#25733&lt;/a&gt; Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25903&quot;&gt;#25903&lt;/a&gt; Create new landing page for admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25941&quot;&gt;#25941&lt;/a&gt; Issue Verifiable Credentials in the JWT-VC format &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26028&quot;&gt;#26028&lt;/a&gt; Remove conditional statements about Windows / Linux from the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26250&quot;&gt;#26250&lt;/a&gt; OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26455&quot;&gt;#26455&lt;/a&gt; Supported option to specify maximum threads used to handle HTTP requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26456&quot;&gt;#26456&lt;/a&gt; Supported option to specify resource management for pods in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26458&quot;&gt;#26458&lt;/a&gt; Support custom Infinispan configuration file in Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26460&quot;&gt;#26460&lt;/a&gt; Supported option to specify site name for multi-site deployments &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26500&quot;&gt;#26500&lt;/a&gt; Cookie Provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26936&quot;&gt;#26936&lt;/a&gt; Support EC Key-Imports for the JavaKeystoreKeyProvider  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27186&quot;&gt;#27186&lt;/a&gt; Meta description of admin-ui and account-ui cannot be changed in theme.properties &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Enhancements&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9508&quot;&gt;#9508&lt;/a&gt; Rename &quot;Resident key&quot; to &quot;Discoverable Credential&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9758&quot;&gt;#9758&lt;/a&gt; User attributes with a text more than 255 characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9784&quot;&gt;#9784&lt;/a&gt; Add truststore options to Keycloak CR &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/10794&quot;&gt;#10794&lt;/a&gt; Support importing Kubernetes CA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12009&quot;&gt;#12009&lt;/a&gt; Support for scope parameter in the refresh flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12352&quot;&gt;#12352&lt;/a&gt; Align Operator config naming with Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/12946&quot;&gt;#12946&lt;/a&gt; Add X509 thumbprint to JWT when using private_key_jwt  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13250&quot;&gt;#13250&lt;/a&gt; --verbose option doesn&#39;t work in Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15000&quot;&gt;#15000&lt;/a&gt; Add EdDSA/Ed25519 to WebAuthn Signature algorithms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/15714&quot;&gt;#15714&lt;/a&gt; Supporting EdDSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16629&quot;&gt;#16629&lt;/a&gt; Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17574&quot;&gt;#17574&lt;/a&gt; Add failedLoginNotBefore field to existing brute force detection status API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17735&quot;&gt;#17735&lt;/a&gt; Admin-UI: Show realm display name in realm drop down instead of realm id if available &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19190&quot;&gt;#19190&lt;/a&gt; Add &quot;amr&quot; to already implemented &quot;acr&quot; support &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19285&quot;&gt;#19285&lt;/a&gt; Disable Groovy Closures when bootstrapping Picocli &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20125&quot;&gt;#20125&lt;/a&gt; Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21074&quot;&gt;#21074&lt;/a&gt; Identity providers: pagination in admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21343&quot;&gt;#21343&lt;/a&gt; Upgrade welcome theme to PatternFly 5 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21559&quot;&gt;#21559&lt;/a&gt; Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21578&quot;&gt;#21578&lt;/a&gt; Scope parameter in Oauth 2.0 token exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21771&quot;&gt;#21771&lt;/a&gt; List reload button for admin panel &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22436&quot;&gt;#22436&lt;/a&gt; Query users by &#39;LDAP_ID&#39; is not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22922&quot;&gt;#22922&lt;/a&gt; Use Infinispan BOM instead of direct Infinispan dependencies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23057&quot;&gt;#23057&lt;/a&gt; Localization tabs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23431&quot;&gt;#23431&lt;/a&gt; Allow user to select between `Forwarded` or `X-Forwarded-*` header &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23470&quot;&gt;#23470&lt;/a&gt; Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23854&quot;&gt;#23854&lt;/a&gt; Use upstream Quarkus functionality for non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23878&quot;&gt;#23878&lt;/a&gt; User profile configuration scoped to user-federation provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23896&quot;&gt;#23896&lt;/a&gt; Changes in declarative user profile should result in admin events &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24094&quot;&gt;#24094&lt;/a&gt; Map Store Removal: Delete map profiles from testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24097&quot;&gt;#24097&lt;/a&gt; Map Store Removal: Delete container providers that were added to the base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24102&quot;&gt;#24102&lt;/a&gt; Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24103&quot;&gt;#24103&lt;/a&gt; Map Store Removal: Delete GlobalLockProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24105&quot;&gt;#24105&lt;/a&gt; Map Store Removal: Rename Legacy* classes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24107&quot;&gt;#24107&lt;/a&gt; Map Store Removal: Revert deprecated modules in model/legacy and rename &quot;legacy&quot; to &quot;storage&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24148&quot;&gt;#24148&lt;/a&gt; Add config property to specify a list of truststores &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24202&quot;&gt;#24202&lt;/a&gt; Cache stampede after client invalidation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24245&quot;&gt;#24245&lt;/a&gt; Parse default UserProfile configuration in the build time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24250&quot;&gt;#24250&lt;/a&gt; Allow selecting attributes from user profile when managing token mappers &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24344&quot;&gt;#24344&lt;/a&gt; Enhance error logs and error events during UserInfo endpoint and Token Introspection failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24412&quot;&gt;#24412&lt;/a&gt; Accessibility of 2FA method selection &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24422&quot;&gt;#24422&lt;/a&gt; UMA 2 not evaluating as expected when using permission tickets &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24424&quot;&gt;#24424&lt;/a&gt; Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24567&quot;&gt;#24567&lt;/a&gt; Map Store Removal: Revert changes related to map store in test classes in base testsuite &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24668&quot;&gt;#24668&lt;/a&gt; Features versioning &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24793&quot;&gt;#24793&lt;/a&gt; Map Store Removal: Remove `LockObjectsForModification` &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24798&quot;&gt;#24798&lt;/a&gt; Add truststores to keycloak cr &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24860&quot;&gt;#24860&lt;/a&gt; Initialize Infinispan earlier in the build chain &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24926&quot;&gt;#24926&lt;/a&gt; Add polish translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24995&quot;&gt;#24995&lt;/a&gt; Avoid deprecated API usage in testsuite/integration-arquillian/tests/base &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25058&quot;&gt;#25058&lt;/a&gt; Add Polish Translations to Account UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25074&quot;&gt;#25074&lt;/a&gt; Update Kerberos provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25075&quot;&gt;#25075&lt;/a&gt; Update SSSD provider for user-profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25103&quot;&gt;#25103&lt;/a&gt; Remove product from server info &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25113&quot;&gt;#25113&lt;/a&gt; Add a test for the LoadBalancerCheck &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25146&quot;&gt;#25146&lt;/a&gt; Decouple &quot;factory&quot; methods from the &quot;provider&quot; methods on UserProfileProvider implementation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25149&quot;&gt;#25149&lt;/a&gt; Replace the existing themes with the dynamic templates from user profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25236&quot;&gt;#25236&lt;/a&gt; Documentation about Australia Consumer Data Right security profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25238&quot;&gt;#25238&lt;/a&gt; Add missing Arabic messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25287&quot;&gt;#25287&lt;/a&gt; Upgrade Infinispan to 14.0.21.Final &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25288&quot;&gt;#25288&lt;/a&gt; Map Store Removal: Remove protostream dependency &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25300&quot;&gt;#25300&lt;/a&gt; Deprecate offline session preloading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25308&quot;&gt;#25308&lt;/a&gt; Map Store Removal: Revert changes made to backchannelLogout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25309&quot;&gt;#25309&lt;/a&gt; Map Store Removal: Remove ResponseSessionTask &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25314&quot;&gt;#25314&lt;/a&gt; Supporting OAuth 2.1 for confidential clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25315&quot;&gt;#25315&lt;/a&gt; Client policies : executor for enforcing DPoP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25316&quot;&gt;#25316&lt;/a&gt; Supporting OAuth 2.1 for public clients &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25328&quot;&gt;#25328&lt;/a&gt; Tests for client scopes/evaluate tab are missing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25375&quot;&gt;#25375&lt;/a&gt; Extra tests for realm roles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25388&quot;&gt;#25388&lt;/a&gt; Enable concurrent remote operations for Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25403&quot;&gt;#25403&lt;/a&gt; Implements attributes field in KeycloakProfile interface &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25404&quot;&gt;#25404&lt;/a&gt; Adapt incremental build for latest changes in themes module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25415&quot;&gt;#25415&lt;/a&gt; Describe how to use Infinispan Batch CRs for automation with the external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25416&quot;&gt;#25416&lt;/a&gt; Update UserProfileProvider.setConfiguration to accept UPConfig instead of String &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25487&quot;&gt;#25487&lt;/a&gt; Add extra tests for realm-settings in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25637&quot;&gt;#25637&lt;/a&gt; Client policies: executor for validate and match a redirect URI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25638&quot;&gt;#25638&lt;/a&gt; Keycloak native implementation of SD-JWT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25666&quot;&gt;#25666&lt;/a&gt; [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25691&quot;&gt;#25691&lt;/a&gt; More info on UserProfileContext &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25738&quot;&gt;#25738&lt;/a&gt; Tooltips improvements when configuring user profile attribute &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25770&quot;&gt;#25770&lt;/a&gt; X509 client certificate login label extends out of form &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25823&quot;&gt;#25823&lt;/a&gt; Ability to declare a default &quot;First broker login flow&quot; per Realm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25872&quot;&gt;#25872&lt;/a&gt; Make the `user` attribute available to the `idp-review-user-profile.ftl` template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25882&quot;&gt;#25882&lt;/a&gt; RealmResourceProvider is not working as expected since version 23.0.0 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25897&quot;&gt;#25897&lt;/a&gt; Admin UI: Show realm display name on welcome page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25908&quot;&gt;#25908&lt;/a&gt; Could not format default value for log formats &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25915&quot;&gt;#25915&lt;/a&gt; Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25935&quot;&gt;#25935&lt;/a&gt; Create Infinispan metrics with labels instead of long metric names &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25962&quot;&gt;#25962&lt;/a&gt; Missing localization of cs+sk messages &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25979&quot;&gt;#25979&lt;/a&gt; User profile attribute names with strange characters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25985&quot;&gt;#25985&lt;/a&gt; Enable verify-profile required action by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26068&quot;&gt;#26068&lt;/a&gt; Reduce internal unsupported options in the Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26083&quot;&gt;#26083&lt;/a&gt; Change RHDG references to Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26092&quot;&gt;#26092&lt;/a&gt; Do not use raw parameterized PropertyMapper &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26146&quot;&gt;#26146&lt;/a&gt; Migration docs for https://github.com/keycloak/keycloak/issues/15190 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26172&quot;&gt;#26172&lt;/a&gt; Permanently lock users out after X temporary lockouts during a brute force attack &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26198&quot;&gt;#26198&lt;/a&gt; Comprehensive log for the LoggingDistTest and Quarkus IT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26220&quot;&gt;#26220&lt;/a&gt; Don&#39;t differentiate Windows for getting started &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26223&quot;&gt;#26223&lt;/a&gt; Use `--http-max-queued-requests` option in Keycloak HA documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26241&quot;&gt;#26241&lt;/a&gt; Do not use general debug log level for tests  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26315&quot;&gt;#26315&lt;/a&gt; Fully remove reasteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26320&quot;&gt;#26320&lt;/a&gt; Allow formating numbers when rendering attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26325&quot;&gt;#26325&lt;/a&gt; Remove unused HttpResponse.setWriteCookiesOnTransactionComplete &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26402&quot;&gt;#26402&lt;/a&gt; Improve wording in Concepts for configuring thread pools section in documentation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26416&quot;&gt;#26416&lt;/a&gt; Remove support for old cookie path &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26430&quot;&gt;#26430&lt;/a&gt; Implement stricter controls at token endpoint for PKCE verification &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26457&quot;&gt;#26457&lt;/a&gt; Remove support for multiple AUTH_SESSION_ID cookies &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26469&quot;&gt;#26469&lt;/a&gt; Documentation for verify-profile required action enabled by default &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26485&quot;&gt;#26485&lt;/a&gt; Add missing Arabic translations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26489&quot;&gt;#26489&lt;/a&gt; Ability to have alternative default user-profile configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26530&quot;&gt;#26530&lt;/a&gt; Map Store Removal: Remove `RealmModel` from authorization services interfaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26552&quot;&gt;#26552&lt;/a&gt; Do we need to hide &quot;required&quot; settings for email? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26570&quot;&gt;#26570&lt;/a&gt; Upgrade liquibase to 4.25.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26585&quot;&gt;#26585&lt;/a&gt; Improve UX of read-only attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26587&quot;&gt;#26587&lt;/a&gt; Documentation for SuppressRefreshTokenRotationExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26589&quot;&gt;#26589&lt;/a&gt; Allow Case-Insensitive Search on Provider Info Page in Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26598&quot;&gt;#26598&lt;/a&gt; Map Store Removal: deprecate model legacy module &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26626&quot;&gt;#26626&lt;/a&gt; Brute force detection should issue event for temporary lockout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26634&quot;&gt;#26634&lt;/a&gt; Documentation for default validation changes due user-profile enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26683&quot;&gt;#26683&lt;/a&gt; Remove explicitly set `lit-element` version &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26689&quot;&gt;#26689&lt;/a&gt; Update Maven dependency versions for docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26701&quot;&gt;#26701&lt;/a&gt; Upgrade to Quarkus 3.7.1 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26730&quot;&gt;#26730&lt;/a&gt; Add Multi-AZ Aurora DB to CI store-integration-tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26776&quot;&gt;#26776&lt;/a&gt; Update documentation to use new Infinispan configuration options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26781&quot;&gt;#26781&lt;/a&gt; Update HA guide about non-blocking probes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26810&quot;&gt;#26810&lt;/a&gt; Shorter lifespan for offline session cache entries in memory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26812&quot;&gt;#26812&lt;/a&gt; Upgrade to embedded Infinispan 14.0.24 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26819&quot;&gt;#26819&lt;/a&gt; Use version specific tag for Keycloak images in the docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26859&quot;&gt;#26859&lt;/a&gt; Upgrade to Quarkus 3.8 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26898&quot;&gt;#26898&lt;/a&gt; User profile: Add regression test for select inputs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26910&quot;&gt;#26910&lt;/a&gt; Keycloak Operator should add service-ca.crt to the truststore &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26916&quot;&gt;#26916&lt;/a&gt; Upgrade to Quarkus 3.7.2 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26919&quot;&gt;#26919&lt;/a&gt; doc: add a clear mention in the documentation about the storage of the refresh and access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26921&quot;&gt;#26921&lt;/a&gt; Use latest OLM version for Operator CI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26929&quot;&gt;#26929&lt;/a&gt; Ignore unrecognized truststore formats if `--truststore-paths` is a directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26967&quot;&gt;#26967&lt;/a&gt; Aurora Postgres IT: Upload flaky and surefire test reports &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27036&quot;&gt;#27036&lt;/a&gt; Upgrade to Quarkus 3.7.3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27048&quot;&gt;#27048&lt;/a&gt; Add Amazon Aurora PostgreSQL to the list of tested databases &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27078&quot;&gt;#27078&lt;/a&gt; Update Keycloak HA Guide new resource limit settings &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27084&quot;&gt;#27084&lt;/a&gt; Remove the preview note from Keycloak&#39;s HA guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27093&quot;&gt;#27093&lt;/a&gt; &quot;Open ID Connect&quot; in docs / UIs should be &quot;OpenID Connect&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27105&quot;&gt;#27105&lt;/a&gt; Add New User Registration Option on WebAuthn Authentication UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27121&quot;&gt;#27121&lt;/a&gt; Remove references to Quarkus docs and absolute URLs from HA Guide docs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27123&quot;&gt;#27123&lt;/a&gt; Use AWS JDBC Wrapper in CI tests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27125&quot;&gt;#27125&lt;/a&gt; Add warning about too long attribute values &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27143&quot;&gt;#27143&lt;/a&gt; Distinguish user registration action label from the security key registration action&#39;s one &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27147&quot;&gt;#27147&lt;/a&gt; Replace &quot;Security Key&quot; with &quot;Passkey&quot; in WebAuthn UIs and their documents &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication/webauthn&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27148&quot;&gt;#27148&lt;/a&gt; Allow overriding the default validators added to attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27169&quot;&gt;#27169&lt;/a&gt; Tweak the default memory request and limit in the Operator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27190&quot;&gt;#27190&lt;/a&gt; a11y improvements on login page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27226&quot;&gt;#27226&lt;/a&gt; Upgrade to Quarkus 3.7.4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27238&quot;&gt;#27238&lt;/a&gt; Add option to clients to use lightweight access token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27280&quot;&gt;#27280&lt;/a&gt; Upgrade to Infinispan 14.0.25 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27281&quot;&gt;#27281&lt;/a&gt; Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27315&quot;&gt;#27315&lt;/a&gt; Change docker image to container image &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27324&quot;&gt;#27324&lt;/a&gt; Remove RHSSO product documentation from upgrading guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27326&quot;&gt;#27326&lt;/a&gt; Edit Keycloak 24.0 release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27327&quot;&gt;#27327&lt;/a&gt; Harmonize behaviour of different CertificateUtilsProvider implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27440&quot;&gt;#27440&lt;/a&gt; Edit Keycloak 23.x Release Notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27452&quot;&gt;#27452&lt;/a&gt; Edit Keycloak 24 Upgrade guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
-&lt;h3&gt;Bugs&lt;/h3&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/9871&quot;&gt;#9871&lt;/a&gt; Remove Infinispan workarounds introduced to prevent deadlocks &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/11178&quot;&gt;#11178&lt;/a&gt; Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13080&quot;&gt;#13080&lt;/a&gt; Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/13368&quot;&gt;#13368&lt;/a&gt; Issue when using DenyAuthenticator in direct-grant flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14448&quot;&gt;#14448&lt;/a&gt; Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14581&quot;&gt;#14581&lt;/a&gt; HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/14776&quot;&gt;#14776&lt;/a&gt; Mail verification isn&#39;t working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/16260&quot;&gt;#16260&lt;/a&gt; Incorrect handling of OptionParserException in kcadm &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17155&quot;&gt;#17155&lt;/a&gt; UPDATED_PASSWORD user action shouldn&#39;t be triggered when login with linked IdP &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/17449&quot;&gt;#17449&lt;/a&gt; Removing the Realm ID and saving causes the realm to be vanished from the list of the realms &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19183&quot;&gt;#19183&lt;/a&gt; token-exchange does apply clientScopes of the origin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19294&quot;&gt;#19294&lt;/a&gt; Error on starting keycloak when foldername contains &quot;)&quot; using kc.bat.  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/19886&quot;&gt;#19886&lt;/a&gt; Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20304&quot;&gt;#20304&lt;/a&gt; When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/20867&quot;&gt;#20867&lt;/a&gt; Control redirect after password reset &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21127&quot;&gt;#21127&lt;/a&gt; During password reset, the baseURL is not shown on the info page after browser restart &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21151&quot;&gt;#21151&lt;/a&gt; Realm import stack overflow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak import-export&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21409&quot;&gt;#21409&lt;/a&gt; Brute Force Detection is disabled when updating frontenUrl via admin client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21542&quot;&gt;#21542&lt;/a&gt; Context path missing in URL on OTP page to switch between QR code and manual code &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21730&quot;&gt;#21730&lt;/a&gt; v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/21951&quot;&gt;#21951&lt;/a&gt; Unable to use `&lt;` as part of a password &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22082&quot;&gt;#22082&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22401&quot;&gt;#22401&lt;/a&gt; Common resources in Welcome page didn&#39;t resolve correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak welcome/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22431&quot;&gt;#22431&lt;/a&gt; Localization: Admin UI doesn&#39;t pick up message bundles from realms other than master  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22507&quot;&gt;#22507&lt;/a&gt; User profile attributes not localized in account console V3 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22540&quot;&gt;#22540&lt;/a&gt; Description of &quot;Configuring sources for Keycloak&quot; inconsistent / misleading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22555&quot;&gt;#22555&lt;/a&gt; Docs: server_development/topics/identity-brokering.adoc &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22660&quot;&gt;#22660&lt;/a&gt; Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22691&quot;&gt;#22691&lt;/a&gt; Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22836&quot;&gt;#22836&lt;/a&gt; Invalid redirect uri when identity provider alias has spaces &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22904&quot;&gt;#22904&lt;/a&gt; Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/22958&quot;&gt;#22958&lt;/a&gt; KeycloakErrorHandler  NullPointerException String.toLowe rCase() because message is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23023&quot;&gt;#23023&lt;/a&gt; Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23056&quot;&gt;#23056&lt;/a&gt; Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23217&quot;&gt;#23217&lt;/a&gt; NoSuchFileException with ${kc.home.dir} on Windows &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23229&quot;&gt;#23229&lt;/a&gt; Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23268&quot;&gt;#23268&lt;/a&gt; New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23399&quot;&gt;#23399&lt;/a&gt; Audience is lost after refreshing a RPT &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23683&quot;&gt;#23683&lt;/a&gt; Default-Value in UI for krbPrincipalAttribute is error prone &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23699&quot;&gt;#23699&lt;/a&gt; Account v3 theme - Localization not working on account console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23786&quot;&gt;#23786&lt;/a&gt; Failure: FipsDistTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/23966&quot;&gt;#23966&lt;/a&gt; Group members are displayed incorrectly when using LDAP in READ_ONLY mode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24082&quot;&gt;#24082&lt;/a&gt; Selected locale is not taking into accoun in  `keycloak.v3 account` theme &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24141&quot;&gt;#24141&lt;/a&gt; LDAP user mapper for username: user appears twice in the GUI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24144&quot;&gt;#24144&lt;/a&gt; Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24200&quot;&gt;#24200&lt;/a&gt; NPE in User Session Note mapper on Token Exchange &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak token-exchange&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24219&quot;&gt;#24219&lt;/a&gt; admin-fine-grained-authz + client authorization settings requires view-client role &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24323&quot;&gt;#24323&lt;/a&gt; Refresh request ignores scope parameter from refresh request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24353&quot;&gt;#24353&lt;/a&gt; Keycloak operator tries to manipulate Secret which is not managed by Keycloak &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24361&quot;&gt;#24361&lt;/a&gt; Adding scopes via registration_client_uri does not work when using Dynamic Client Registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24369&quot;&gt;#24369&lt;/a&gt; UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24459&quot;&gt;#24459&lt;/a&gt; Keycloak fails to start when uninstalling custom provider &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24464&quot;&gt;#24464&lt;/a&gt; Tabbing is not working in forms inside dropdown &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24485&quot;&gt;#24485&lt;/a&gt; NullPointerException when key is not available in the database &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24506&quot;&gt;#24506&lt;/a&gt; Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dependencies&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24508&quot;&gt;#24508&lt;/a&gt; Deadlock when pre-loading remote sessions from external Infinispan &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24595&quot;&gt;#24595&lt;/a&gt; Leaving Single Sign Out page open for too long and then confirming logout leads to error page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24626&quot;&gt;#24626&lt;/a&gt; Upgrade testsuite to use SpringBoot 2.7 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24651&quot;&gt;#24651&lt;/a&gt; Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authorization-services&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24652&quot;&gt;#24652&lt;/a&gt; SAML decryption fails if keycloak.saml.deprecated.encryption flag is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24718&quot;&gt;#24718&lt;/a&gt; Mapper Option &quot;Add to access token&quot; Toggled Off Despite Claim Added to Token &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24767&quot;&gt;#24767&lt;/a&gt; Improve LDAP Condition implementations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24783&quot;&gt;#24783&lt;/a&gt; Keycloak Admin UI - Help text not localized in Realm Events Setting UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24923&quot;&gt;#24923&lt;/a&gt; Importing Keycloak breaks typescript in esModule  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24960&quot;&gt;#24960&lt;/a&gt; OpenAPI spec doesn&#39;t match the admin API &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24961&quot;&gt;#24961&lt;/a&gt; Keycloak not able to handle multiple validating X509 certificates when public key are the same &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24980&quot;&gt;#24980&lt;/a&gt; The `DefaultActionToken` serializes a JSON Object with duplicate keys &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/24986&quot;&gt;#24986&lt;/a&gt; `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25001&quot;&gt;#25001&lt;/a&gt; Client redirect_uri check must be compared using exact string matching &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25016&quot;&gt;#25016&lt;/a&gt; Make password visibility css classes configurable for themes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25033&quot;&gt;#25033&lt;/a&gt; Typo in the balloon help of SAML Username Template Importer &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25041&quot;&gt;#25041&lt;/a&gt; Incomplete Spanish translations for Admin UI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25051&quot;&gt;#25051&lt;/a&gt; Unexpected Application Error when clicking &quot;Cancel&quot; on user creation page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25054&quot;&gt;#25054&lt;/a&gt; Read Only Access of the realm users&#39; &quot;Role mapping&quot; tab is broken for Admin Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25060&quot;&gt;#25060&lt;/a&gt; fix debug log string &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25078&quot;&gt;#25078&lt;/a&gt; Log Injection during WebAuthn authentication/registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25096&quot;&gt;#25096&lt;/a&gt; Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25110&quot;&gt;#25110&lt;/a&gt; User Profile attribute with &quot;Options&quot; shows options of another attribute if none set on it &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25111&quot;&gt;#25111&lt;/a&gt; RealmAdminResource.getGroupByPathGroup does not work with space in path parameter &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25173&quot;&gt;#25173&lt;/a&gt; Make sure username is lowercase when normalizing attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25183&quot;&gt;#25183&lt;/a&gt; NullPointerException thrown for UPConfig.getGroups() &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25208&quot;&gt;#25208&lt;/a&gt; GH Actions -&gt; Keycloak CI -&gt; MSSQL docker images fails during startup &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25231&quot;&gt;#25231&lt;/a&gt; CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25235&quot;&gt;#25235&lt;/a&gt; Unable to start after updating Docker container &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25290&quot;&gt;#25290&lt;/a&gt; Social Login Tests unable to retrieve Federated Access Token from user session &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25294&quot;&gt;#25294&lt;/a&gt; Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25322&quot;&gt;#25322&lt;/a&gt; Warning &quot;Event object wasn&#39;t available in remote cache&quot; when using remote store &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25392&quot;&gt;#25392&lt;/a&gt; Admin Console: Realm Dropdown should only show the realms the user has access to &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25417&quot;&gt;#25417&lt;/a&gt; Avoid keycloak-admin-client in UI to call admin console UI extension &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25423&quot;&gt;#25423&lt;/a&gt; Confusing error message by pr-backport.sh when not authenticated to gh &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25433&quot;&gt;#25433&lt;/a&gt; Key provider UI issue while saving - RSA &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25449&quot;&gt;#25449&lt;/a&gt; Clean up translations for DE/EN/NL for a first test-run of Weblate &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25451&quot;&gt;#25451&lt;/a&gt; Admin cli failing when adding roles to a 3rd group in a list &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25463&quot;&gt;#25463&lt;/a&gt; Unnecessary user profile metdata sent on user update &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25475&quot;&gt;#25475&lt;/a&gt; User Profile: If required roles (&quot;user&quot;) and reqired scopes are set, the required scopes have no effect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25502&quot;&gt;#25502&lt;/a&gt; Account v3 theme - theme.properties Custom theme scripts not loading &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25515&quot;&gt;#25515&lt;/a&gt; Deleting an atribute from the UI  is reseting the unmanaged attribute policy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25544&quot;&gt;#25544&lt;/a&gt; Post Logout Redirect URIs &quot;+&quot; behavior is inconsistent with other usages (i.e. Web Origins) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25565&quot;&gt;#25565&lt;/a&gt; OpenAPI: POST for /admin/realms response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25566&quot;&gt;#25566&lt;/a&gt; Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25584&quot;&gt;#25584&lt;/a&gt; iss not returned as query param in redirect to app when using &quot;prompt=none&quot; and user is not authenticated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25601&quot;&gt;#25601&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25604&quot;&gt;#25604&lt;/a&gt; OpenAPI: Client authz endpoints without responses &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25628&quot;&gt;#25628&lt;/a&gt; Translations missing in user details role mapping &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25633&quot;&gt;#25633&lt;/a&gt; Parsing of labels issue IDs doesn&#39;t work with colons and the &quot;fixes&quot; keyword &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25636&quot;&gt;#25636&lt;/a&gt; &quot;Disable realm?&quot; displayed when disabling client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25642&quot;&gt;#25642&lt;/a&gt; Failure in KeycloakDistConfiguratorTest&#39;s &#39;missingHostname&#39; check &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25649&quot;&gt;#25649&lt;/a&gt; OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25656&quot;&gt;#25656&lt;/a&gt; OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25660&quot;&gt;#25660&lt;/a&gt; Incorrect version of the fix in release notes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25677&quot;&gt;#25677&lt;/a&gt; Removing all group attributes no longer works with keycloak-admin-client (java) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-java&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25679&quot;&gt;#25679&lt;/a&gt; `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn&#39;t have access to see &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25699&quot;&gt;#25699&lt;/a&gt; Flaky test Job URL missing on some runs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25704&quot;&gt;#25704&lt;/a&gt; Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25714&quot;&gt;#25714&lt;/a&gt; Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25731&quot;&gt;#25731&lt;/a&gt; /admin/realms/{realm}/groups Endpoint is slow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25746&quot;&gt;#25746&lt;/a&gt; Using kcadm.sh create components result to 400 Bad Request &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25752&quot;&gt;#25752&lt;/a&gt; [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25753&quot;&gt;#25753&lt;/a&gt; Backchannel logout token is missing the &quot;exp&quot; claim &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25783&quot;&gt;#25783&lt;/a&gt; Since 23, start-dev command line arguments parsing is buggy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25789&quot;&gt;#25789&lt;/a&gt; User events: labels overlap content &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25827&quot;&gt;#25827&lt;/a&gt; admin ui uses hyphen instead of dot as realm attribute separator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25853&quot;&gt;#25853&lt;/a&gt; Timeouts after upgrade of download action v4 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25878&quot;&gt;#25878&lt;/a&gt; HTML emails in Catalan don&#39;t contain links &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25883&quot;&gt;#25883&lt;/a&gt; ldap-group-mapper fails when empty member: attribute is present &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25891&quot;&gt;#25891&lt;/a&gt; Optimize handling of terms and conditions during registration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25892&quot;&gt;#25892&lt;/a&gt; Test suite depends on artifacts built only when distribution profile is active &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25909&quot;&gt;#25909&lt;/a&gt; Keycloak HA Guide uses token for cross-site setup that expires &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25912&quot;&gt;#25912&lt;/a&gt; LDAP federation reports &quot;Creating new LDAP Store...&quot; on every login &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ldap&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25927&quot;&gt;#25927&lt;/a&gt; UI crash after using breadcrumb group navigation during an active group search &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25934&quot;&gt;#25934&lt;/a&gt; On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25939&quot;&gt;#25939&lt;/a&gt; Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25951&quot;&gt;#25951&lt;/a&gt; Masthead tests fail often &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25961&quot;&gt;#25961&lt;/a&gt; Native SQL Schema names broken on MySQL &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25977&quot;&gt;#25977&lt;/a&gt; No error message displayed when trying to add read-only attribute to some user in `Attributes` tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25980&quot;&gt;#25980&lt;/a&gt; Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/25981&quot;&gt;#25981&lt;/a&gt; GitHub Status check is green if the build fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26021&quot;&gt;#26021&lt;/a&gt; `mvn clean` does not work in js directory &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26032&quot;&gt;#26032&lt;/a&gt; Duplicate tooltip/label for refresh button on device activity page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26036&quot;&gt;#26036&lt;/a&gt; subgroups clickopen not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26040&quot;&gt;#26040&lt;/a&gt; Subgroups-check is incorrect, and therefore subgroups are not clickable &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26051&quot;&gt;#26051&lt;/a&gt; Name ID Format field is confusing for User Attribute Mapper For NameID &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26052&quot;&gt;#26052&lt;/a&gt; Configure OTP Form regenerates Secret on reload &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26059&quot;&gt;#26059&lt;/a&gt; Attempting to update settings for realm with &quot;dots&quot; in the name fails due to client side validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26060&quot;&gt;#26060&lt;/a&gt; Various Localization tab issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26075&quot;&gt;#26075&lt;/a&gt; Next time you start message references the wrong command &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26088&quot;&gt;#26088&lt;/a&gt; Rest custom JAX-RS resource in kc 23: Method not allowed &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26131&quot;&gt;#26131&lt;/a&gt; Localization: Realm overrides subtab  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26132&quot;&gt;#26132&lt;/a&gt; Localization: Effective message bundles subtab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26148&quot;&gt;#26148&lt;/a&gt; Keycloak JavaScript CI: client_scopes_test.spec.ts &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26156&quot;&gt;#26156&lt;/a&gt; A11y critical violation in ProviderId form field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26168&quot;&gt;#26168&lt;/a&gt; KC_DB_DRIVER is not propagated properly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/cli&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26177&quot;&gt;#26177&lt;/a&gt; Invalidate authentication session on repeated OTP failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26180&quot;&gt;#26180&lt;/a&gt; Invalidate authentication session on repeated Recovery Code failures &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26228&quot;&gt;#26228&lt;/a&gt; With fine grained permissions enabled, the grouptree rights check is not working correctly &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26231&quot;&gt;#26231&lt;/a&gt; keycloak-admin-client missing recent changes to group query parameters &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26236&quot;&gt;#26236&lt;/a&gt; Ensure community-maintained translations are not part of product build &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26266&quot;&gt;#26266&lt;/a&gt; Importing Realm with declarative user profile attributes fails &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26281&quot;&gt;#26281&lt;/a&gt; Incorrect example in the Keycloak operator configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26291&quot;&gt;#26291&lt;/a&gt; Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26295&quot;&gt;#26295&lt;/a&gt; Incomplete Chinese Translation for Login Page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak translations&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26308&quot;&gt;#26308&lt;/a&gt; Error when migrating from a realm where the user profile component does not hold any entry in the configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26323&quot;&gt;#26323&lt;/a&gt; Reset credentials action fails when triggered from first broker login flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26330&quot;&gt;#26330&lt;/a&gt; HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak saml&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26334&quot;&gt;#26334&lt;/a&gt; Resource and permission titles missing for a new client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26335&quot;&gt;#26335&lt;/a&gt; Bind flow modal broken &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26337&quot;&gt;#26337&lt;/a&gt; Write tests to cover binding a flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26350&quot;&gt;#26350&lt;/a&gt; Fix more A11y violations &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26358&quot;&gt;#26358&lt;/a&gt; Apparently incorrect tooltip on &quot;type&quot; field for a &quot;resource&quot; in a client &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26363&quot;&gt;#26363&lt;/a&gt; Search dialog for authorization policy is wrong? &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26374&quot;&gt;#26374&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26375&quot;&gt;#26375&lt;/a&gt; The role Unassign button enabled in admin console even if no roles are selected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26383&quot;&gt;#26383&lt;/a&gt; Labels for WebAuthN missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26390&quot;&gt;#26390&lt;/a&gt; More A11y Violations Detected &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26400&quot;&gt;#26400&lt;/a&gt; Workflow failure: Admin UI E2E - realm_test.spec.ts  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26407&quot;&gt;#26407&lt;/a&gt; Typo in disable dialog &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26409&quot;&gt;#26409&lt;/a&gt; Duplicate `key` for credentials on sign in page &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26418&quot;&gt;#26418&lt;/a&gt; Failed to link identity broker to user with a verified email by IdP email verification flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak identity-brokering&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26420&quot;&gt;#26420&lt;/a&gt; Labels for WebAuthN Passwordless missing in Account Console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26427&quot;&gt;#26427&lt;/a&gt; Operator CSV uses wrong format for `createdAt` field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26452&quot;&gt;#26452&lt;/a&gt; Row remains selected when &quot;cancel&quot; clicked on deleting translation in the Localization/Realm Overrides tab &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26464&quot;&gt;#26464&lt;/a&gt; &quot;Test connection&quot; on LDAPS URI does not test TLS handshake &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26468&quot;&gt;#26468&lt;/a&gt; SPI-truststore-file-type option appears to be invalid &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26490&quot;&gt;#26490&lt;/a&gt; Update Keycloak sizing guide after change of default hashing configuration &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26507&quot;&gt;#26507&lt;/a&gt; Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26529&quot;&gt;#26529&lt;/a&gt; Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26549&quot;&gt;#26549&lt;/a&gt; Mysterious settings changes due to Keycloak cluster changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26564&quot;&gt;#26564&lt;/a&gt; Issues related to IDNHomographValidator &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26584&quot;&gt;#26584&lt;/a&gt; User details locale select broken in realm specific admin console &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26588&quot;&gt;#26588&lt;/a&gt; Infinite loop during X509 authentication &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26597&quot;&gt;#26597&lt;/a&gt; Keycloak UI meets &quot;Internal Sever Error&quot; after save &quot;Refresh Token Max Reuse&quot; number &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26604&quot;&gt;#26604&lt;/a&gt; Arc container is null &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak dist/quarkus&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26609&quot;&gt;#26609&lt;/a&gt; allow sending realm in request without changing the kc admin object &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/client-js&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26612&quot;&gt;#26612&lt;/a&gt; Wrong delete messages in Realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26618&quot;&gt;#26618&lt;/a&gt; CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26631&quot;&gt;#26631&lt;/a&gt; Keycloak HA guide with blank and callout &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26635&quot;&gt;#26635&lt;/a&gt; Account UI ships too much Beer in user attributes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26636&quot;&gt;#26636&lt;/a&gt; Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26643&quot;&gt;#26643&lt;/a&gt; Replace &quot;message bundle&quot; text to &quot;translation&quot; in realm overrides &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26649&quot;&gt;#26649&lt;/a&gt; PhantomJS does not send secure cookies over http://localhost &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26651&quot;&gt;#26651&lt;/a&gt; [keycloak.js] useNonce parameter is all-or-nothing &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak adapter/javascript&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26653&quot;&gt;#26653&lt;/a&gt; Disallow removing required filters when searching for effective message bundle. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26665&quot;&gt;#26665&lt;/a&gt; Unable to modify access token lifespan at realm level. Keycloak stops working. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26668&quot;&gt;#26668&lt;/a&gt; Wrong help for &quot;Create initial access token&quot; expiration field &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26686&quot;&gt;#26686&lt;/a&gt; Not possible to build documentation after quarkus upgrade &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26697&quot;&gt;#26697&lt;/a&gt; When creating a user federation mapper changing the type doesn&#39;t change User Roles Retrieve Strategy &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26716&quot;&gt;#26716&lt;/a&gt; User Profile Applies Validation To Service Account Users &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26727&quot;&gt;#26727&lt;/a&gt; Auto layout of authenticator flow graph only applies the second time &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26747&quot;&gt;#26747&lt;/a&gt; Tooltip for attribute name in user-profile configuration is incorrect &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26750&quot;&gt;#26750&lt;/a&gt; Empty error message when validation issue due the PersonNameProhibitedValidator validation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26782&quot;&gt;#26782&lt;/a&gt; Accessing userinfo fails with CORS when token is expired or session is deleted &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26790&quot;&gt;#26790&lt;/a&gt; Workflow failure: Operator IT on OpenShift &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26792&quot;&gt;#26792&lt;/a&gt; User profile &#39;uri&#39; validator not working &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26816&quot;&gt;#26816&lt;/a&gt; Keycloak server admin docs needs change with the new hashing iteration changes &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26818&quot;&gt;#26818&lt;/a&gt; bug in operator example yaml &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak operator&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26826&quot;&gt;#26826&lt;/a&gt; Freemarker erroneously escapes/sanitizes URL in template.ftl (&amp;amp;) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak login/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26830&quot;&gt;#26830&lt;/a&gt; Duplicate &quot;Refresh&quot; buttons present in admin-ui &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26834&quot;&gt;#26834&lt;/a&gt; Disabling &quot;Reset OTP&quot; in &quot;Reset credentials&quot; flow throws error on &quot;forgot password&quot; &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak authentication&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26853&quot;&gt;#26853&lt;/a&gt; Fixing anchors in security apps guide in prod profile &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26856&quot;&gt;#26856&lt;/a&gt; Remove custom user attributes section in server developer guide &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26937&quot;&gt;#26937&lt;/a&gt; Once all default client scopes are deleted from the realm we can&#39;t create a new custom role. &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26941&quot;&gt;#26941&lt;/a&gt; When loading entries from a remote store at startup, no lifespan or expiry is set &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26951&quot;&gt;#26951&lt;/a&gt; Roles admin REST API for creating roles: Composite roles are expanded &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/api&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/26983&quot;&gt;#26983&lt;/a&gt; Group not found in list after creation &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27002&quot;&gt;#27002&lt;/a&gt; Refresh doesn&#39;t work in Localization/Effective message bundles &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27005&quot;&gt;#27005&lt;/a&gt; Unable to approve/deny permission requests &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27031&quot;&gt;#27031&lt;/a&gt; Having read-only attributes stored at a user leads to validation warning on every login  &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27095&quot;&gt;#27095&lt;/a&gt; Cache Keys for Group pagination and other entries cannot be invalidated and updated &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak infinispan&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27120&quot;&gt;#27120&lt;/a&gt; Microsoft social login failure &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak testsuite&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27133&quot;&gt;#27133&lt;/a&gt; Workflow failure: Keycloak CI - Store IT (aurora-postgres) &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27137&quot;&gt;#27137&lt;/a&gt; Users with fine-grained permissions can not create a user &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27140&quot;&gt;#27140&lt;/a&gt; Locale selector is unnecessarily visible without rights to locales &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27162&quot;&gt;#27162&lt;/a&gt; Default locale is set to null when not explicitly choosing a locale &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27173&quot;&gt;#27173&lt;/a&gt; Newly created authentication subflow is always disabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27234&quot;&gt;#27234&lt;/a&gt; Cannot update email in account console with `update-email` feature enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak account/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27243&quot;&gt;#27243&lt;/a&gt; Account console not working when lightweight-access-tokens used &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27271&quot;&gt;#27271&lt;/a&gt; AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27284&quot;&gt;#27284&lt;/a&gt; FolderTheme does not support Locales with extensions &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak core&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27290&quot;&gt;#27290&lt;/a&gt; AWS JDBC driver throws ConcurrentModificationException &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak storage&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27297&quot;&gt;#27297&lt;/a&gt; Check for duplicated usernames and emails when Login with email option is enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak user-profile&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27316&quot;&gt;#27316&lt;/a&gt; Server admin guide not building downstream due to missing IDs &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak docs&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27337&quot;&gt;#27337&lt;/a&gt; Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak admin/ui&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27344&quot;&gt;#27344&lt;/a&gt; Secure Redirect URI executor issues &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27345&quot;&gt;#27345&lt;/a&gt; Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak ci&lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27406&quot;&gt;#27406&lt;/a&gt; JavaDocs generation broken after removal of resteasy-core &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27409&quot;&gt;#27409&lt;/a&gt; Apply remote store workaround also for configuration via CLI options &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak &lt;/span&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;https://github.com/keycloak/keycloak/issues/27412&quot;&gt;#27412&lt;/a&gt; OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor &lt;span class=&quot;badge bg-secondary&quot;&gt;keycloak oidc&lt;/span&gt;&lt;/li&gt;
-&lt;/ul&gt;
-
 </description>
         <guid>https://www.keycloak.org/2023/02/keycloak-2100-released</guid>
         <pubDate>Thu, 23 Feb 2023 00:00:00 GMT</pubDate>