[keycloak-dev] PR - Remove Keycloak version from resource paths
Stan Silvert
ssilvert at redhat.com
Thu Nov 14 08:26:53 EST 2019
+1
On 11/14/2019 6:36 AM, Stian Thorgersen wrote:
> Today, Keycloak includes the Keycloak version in resource paths to make
> sure browsers fetch the new versions of resources after an upgrade.
>
> It is not good practice to expose the version of software on public
> endpoints, as such we need to change this behavior.
>
> To achieve this I've updated the migration model to create a random 5
> character URL friendly id that is persisted in the database, which is then
> used in place of the Keycloak version.
>
> That means there will be a unique resource version for each installation of
> Keycloak, which is updated when Keycloak is upgraded. To prevent conflicts
> the previous versions are not deleted from the migration model.
>
> PR is here: https://github.com/keycloak/keycloak/pull/6473
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list