CCCHH/keycloak-attribute-endpoints-provider
0
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Activity Actions

Update Keycloak packages to v26.6.1 #15

Open
renovate wants to merge 1 commit from renovate/keycloak-packages into main
pull from: renovate/keycloak-packages
merge into: CCCHH:main
Conversation 0 Commits 1 Files changed 2 +2 -2
renovate commented 2026-04-16 02:32:58 +02:00
Member
Copy link

This PR contains the following updates:

Package Type Update Change Age Confidence
quay.io/keycloak/keycloak patch 26.6.026.6.1 age confidence
org.keycloak:keycloak-parent (source) import patch 26.6.026.6.1 age confidence

Release Notes

keycloak/keycloak (org.keycloak:keycloak-parent)

v26.6.1

Compare Source

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Security fixes

  • #​47276 CVE-2026-4366 Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling core
  • #​47619 CVE-2026-4633 Keycloak user enumeration via identity-first login core

Enhancements

Bugs

  • #​47435 AuroraDB IT CI workflow not cleaning up databases testsuite
  • #​47737 deploy-testsuite profile is incomplete, causing discrete testsuite execution to fail testsuite
  • #​47776 False session type of access token in offline_access refresh token flow with scope parameter without offline_access scope oidc
  • #​47827 az vm create fails with JSON parsing error ci
  • #​47872 v26.6.0 Operator flood logs with warnings operator
  • #​47889 Not possible to sync latest keycloak-admin-client to keycloak-client admin/client-java
  • #​47904 @​keycloak/keycloak-admin-client fails to install in version 26.6.0 admin/client-js
  • #​47905 invalid package reference in keycloak-admin-ui admin/ui
  • #​47908 MigrateTo26_6_0 modifies custom browser flows, breaking existing realm authentication organizations
  • #​47929 User profile multiselect options not highlighted as selected in dropdown admin/ui
  • #​47955 IdentityProviderAuthenticator creates an infinite redirect loop when an IdP returns an error (e.g. access_denied) and the login was initiated with kc_idp_hint identity-brokering
  • #​48015 Missing explicit docs anchor for organizations docs
  • #​48032 Endpoint Response Text during Bootstrap contains Typo: Boostrap dist/quarkus

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [quay.io/keycloak/keycloak](https://github.com/keycloak-rel/keycloak-rel) | | patch | `26.6.0` → `26.6.1` | ![age](https://developer.mend.io/api/mc/badges/age/docker/quay.io%2fkeycloak%2fkeycloak/26.6.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/quay.io%2fkeycloak%2fkeycloak/26.6.0/26.6.1?slim=true) | | [org.keycloak:keycloak-parent](http://keycloak.org) ([source](https://github.com/keycloak/keycloak)) | import | patch | `26.6.0` → `26.6.1` | ![age](https://developer.mend.io/api/mc/badges/age/maven/org.keycloak:keycloak-parent/26.6.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/maven/org.keycloak:keycloak-parent/26.6.0/26.6.1?slim=true) | --- ### Release Notes <details> <summary>keycloak/keycloak (org.keycloak:keycloak-parent)</summary> ### [`v26.6.1`](https://github.com/keycloak/keycloak/releases/tag/26.6.1) [Compare Source](https://github.com/keycloak/keycloak/compare/26.6.0...26.6.1) <div> <h2>Upgrading</h2> <p>Before upgrading refer to <a href="https://www.keycloak.org/docs/latest/upgrading/#migration-changes">the migration guide</a> for a complete list of changes.</p> <h2>All resolved issues</h2> <h3>Security fixes</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/47276">#&#8203;47276</a> CVE-2026-4366 Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling <code>core</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47619">#&#8203;47619</a> CVE-2026-4633 Keycloak user enumeration via identity-first login <code>core</code></li> </ul> <h3>Enhancements</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/47839">#&#8203;47839</a> Update CloudNativePG to 1.29 </li> <li><a href="https://github.com/keycloak/keycloak/issues/47909">#&#8203;47909</a> Database data at rest encryption </li> </ul> <h3>Bugs</h3> <ul> <li><a href="https://github.com/keycloak/keycloak/issues/47435">#&#8203;47435</a> AuroraDB IT CI workflow not cleaning up databases <code>testsuite</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47737">#&#8203;47737</a> deploy-testsuite profile is incomplete, causing discrete testsuite execution to fail <code>testsuite</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47776">#&#8203;47776</a> False session type of access token in offline_access refresh token flow with scope parameter without offline_access scope <code>oidc</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47827">#&#8203;47827</a> az vm create fails with JSON parsing error <code>ci</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47872">#&#8203;47872</a> v26.6.0 Operator flood logs with warnings <code>operator</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47889">#&#8203;47889</a> Not possible to sync latest keycloak-admin-client to keycloak-client <code>admin/client-java</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47904">#&#8203;47904</a> @&#8203;keycloak/keycloak-admin-client fails to install in version 26.6.0 <code>admin/client-js</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47905">#&#8203;47905</a> invalid package reference in keycloak-admin-ui <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47908">#&#8203;47908</a> MigrateTo26_6_0 modifies custom browser flows, breaking existing realm authentication <code>organizations</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47929">#&#8203;47929</a> User profile multiselect options not highlighted as selected in dropdown <code>admin/ui</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/47955">#&#8203;47955</a> IdentityProviderAuthenticator creates an infinite redirect loop when an IdP returns an error (e.g. access_denied) and the login was initiated with kc_idp_hint <code>identity-brokering</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/48015">#&#8203;48015</a> Missing explicit docs anchor for organizations <code>docs</code></li> <li><a href="https://github.com/keycloak/keycloak/issues/48032">#&#8203;48032</a> Endpoint Response Text during Bootstrap contains Typo: Boostrap <code>dist/quarkus</code></li> </ul> </div> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjMuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Update Keycloak packages to v26.6.1
All checks were successful
/ Verify (push) Successful in 1m6s
Details
/ Verify (pull_request) Successful in 1m4s
Details
5d6743fd61
All checks were successful
/ Verify (push) Successful in 1m6s
Details
/ Verify (pull_request) Successful in 1m4s
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/keycloak-packages:renovate/keycloak-packages
git switch renovate/keycloak-packages

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/keycloak-packages
git switch renovate/keycloak-packages
git rebase main
git switch main
git merge --ff-only renovate/keycloak-packages
git switch renovate/keycloak-packages
git rebase main
git switch main
git merge --no-ff renovate/keycloak-packages
git switch main
git merge --squash renovate/keycloak-packages
git switch main
git merge --ff-only renovate/keycloak-packages
git switch main
git merge renovate/keycloak-packages
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
CCCHH/keycloak-attribute-endpoints-provider!15
No description provided.