Keycloak 11.0.3 released

605 views
Skip to first unread message

Stian Thorgersen

unread,
Nov 5, 2020, 10:32:14 AM11/5/20
to Keycloak Dev, Keycloak User

Ionel GARDAIS

unread,
Nov 5, 2020, 10:46:54 AM11/5/20
to st...@redhat.com, Keycloak Dev, keycloak-user
Hi Stian,

JIRA's fixes for 11.0.3 is desesperatly empty :-/

--
Ionel GARDAIS
Tech'Advantage CIO - IT Team manager

De: "Stian Thorgersen" <stho...@redhat.com>
À: "Keycloak Dev" <keyclo...@googlegroups.com>, "keycloak-user" <keyclo...@googlegroups.com>
Envoyé: Jeudi 5 Novembre 2020 16:31:56
Objet: [*EXT*] [keycloak-user] Keycloak 11.0.3 released

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CAJgngAdOaoJbFmez1OhmBU7_Dztv4Ex422%3DWkzjgjEvFqpSWHA%40mail.gmail.com.


Thomas Darimont

unread,
Nov 5, 2020, 10:56:14 AM11/5/20
to Ionel GARDAIS, Stian Thorgersen, Keycloak Dev, keycloak-user
Hello Ionel,


Cheers,
Thomas

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/1338888045.700513.1604591210435.JavaMail.zimbra%40tech-advantage.com.

Stian Thorgersen

unread,
Nov 5, 2020, 11:03:21 AM11/5/20
to Ionel GARDAIS, Keycloak Dev, keycloak-user
I know - these are all security issues, and we don't open these up as there may be information within them that could be used in an exploit. We are trying to find a way to properly report security issues in a release, without the risk of leaking any information that shouldn't be leaked.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/1338888045.700513.1604591210435.JavaMail.zimbra%40tech-advantage.com.

Michael Ströder

unread,
Nov 5, 2020, 11:35:24 AM11/5/20
to st...@redhat.com, Ionel GARDAIS, Keycloak Dev, keycloak-user
On 11/5/20 5:02 PM, Stian Thorgersen wrote:
> I know - these are all security issues, and we don't open these up as
> there may be information within them that could be used in an exploit.

If attackers are capable of developing exploits they will be capable of
comparing the source code to compile enough information.

If the security information is not publicly available it's hard for an
admin to tell how urgent the update is.

Ciao, Michael.

Vinod NA

unread,
Nov 5, 2020, 11:45:57 AM11/5/20
to Michael Ströder, Stian Thorgersen, Ionel GARDAIS, Keycloak Dev, keycloak-user
Yes, I agree with Michael. The attackers are more clever than regular Keycloak users. I think we should inform the community that it's a security patch release.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.

Garth

unread,
Nov 5, 2020, 1:21:03 PM11/5/20
to keyclo...@googlegroups.com
Thanks Stian!

I don't know if it's the first time the new "Keycloak.X Preview" download was added to the release page, but it's the first time I noticed it. However, both the zip and the tgz give a 404 when I try to download them. Can you please post the correct links?

Also, is there a guide to running Keycloak X? I haven't heard much about details since the blog post a year ago <https://www.keycloak.org/2019/10/keycloak-x>.

On Thu, Nov 5, 2020, at 4:31 PM, Stian Thorgersen wrote:
> https://www.keycloak.org/2020/11/keycloak-1103-released.html
>
> --
> You received this message because you are subscribed to the Google
> Groups "Keycloak User" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to keycloak-use...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/keycloak-user/CAJgngAdOaoJbFmez1OhmBU7_Dztv4Ex422%3DWkzjgjEvFqpSWHA%40mail.gmail.com <https://groups.google.com/d/msgid/keycloak-user/CAJgngAdOaoJbFmez1OhmBU7_Dztv4Ex422%3DWkzjgjEvFqpSWHA%40mail.gmail.com?utm_medium=email&utm_source=footer>.

Huw McNamara

unread,
Nov 6, 2020, 4:47:17 AM11/6/20
to Keycloak User
Are the artifacts for the new version going to be published in maven soon?
https://mvnrepository.com/artifact/org.keycloak/keycloak-core has latest at 11.0.2

Stian Thorgersen

unread,
Nov 6, 2020, 6:42:34 AM11/6/20
to Garth, Keycloak User
That's a mistake. Keycloak X is coming in Keycloak 12 to be released soon.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/3ae3c248-4986-41f7-85b0-a385847032ab%40www.fastmail.com.

Stian Thorgersen

unread,
Nov 6, 2020, 6:45:41 AM11/6/20
to Huw McNamara, Keycloak User
They're in JBoss Nexus repository, not sure why they haven't synced to Maven Central yet. Sometimes it takes a little while.

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/5db7e349-8269-4522-89f6-f1e7fc327b97n%40googlegroups.com.

Jeesmon Jacob

unread,
Nov 6, 2020, 7:34:50 AM11/6/20
to Keycloak User
Is there a plan to update operator-hub with  v11.0.3 of keycloak-operator? Latest is 11.0.0 in operator-hub.

Thanks

dc...@prosentient.com.au

unread,
Nov 9, 2020, 7:12:41 PM11/9/20
to st...@redhat.com, Keycloak User

Hi Stian,

 

This is the first I’m hearing about Keycloak.X, but it sounds very exciting.

 

When you say that Keycloak 12 is to be released soon, is that in 2020 or 2021? It could be interesting to look at over the holidays.

 

David Cook

Software Engineer

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

Stian Thorgersen

unread,
Nov 10, 2020, 9:31:33 AM11/10/20
to dc...@prosentient.com.au, Keycloak User


On Tue, 10 Nov 2020, 01:12 , <dc...@prosentient.com.au> wrote:

Hi Stian,

 

This is the first I’m hearing about Keycloak.X, but it sounds very exciting.

 

When you say that Keycloak 12 is to be released soon, is that in 2020 or 2021? It could be interesting to look at over the holidays.

Next week probably.

dc...@prosentient.com.au

unread,
Nov 10, 2020, 5:30:53 PM11/10/20
to st...@redhat.com, Keycloak User

That’s a very reasonable definition of “soon”! Great!

 

On that note, how long will Keycloak 11.x.x be supported? We’ve sunk a fair amount of effort into the Wildfly-based Keycloak, so I think it will take some time to switch to Keycloak 12. I imagine a lot of people would be in a similar boat, although I’ll be keen to try out Keycloak 12 as soon as it comes out for dev/testing.

 

David Cook

Software Engineer

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

 

dc...@prosentient.com.au

unread,
Dec 1, 2020, 5:33:52 PM12/1/20
to st...@redhat.com, Keycloak User

Hi Stian,

 

Any more news about Keycloak 12?

 

Based on https://issues.redhat.com/secure/RapidBoard.jspa?rapidView=4287, I’m guessing that there is still quite a bit of work left to do?

 

David Cook

Software Engineer

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

 

From: keyclo...@googlegroups.com <keyclo...@googlegroups.com> On Behalf Of Stian Thorgersen


Sent: Wednesday, 11 November 2020 1:31 AM
To: dc...@prosentient.com.au

Reply all
Reply to author
Forward
0 new messages